Fix stack-based buffer overflow

There was a possible buffer overflow in rfbFileTransferOffer message when processing the FileTime. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Fix stack-based buffer overflow
There was a possible buffer overflow in rfbFileTransferOffer message when processing the FileTime. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
c18fa98b · Nicolas Ruff · Johannes Schindelin · 7e9ce73b · c18fa98b
Commit c18fa98b authored Sep 01, 2014 by Nicolas Ruff Committed by Johannes Schindelin Oct 07, 2014
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

rfbserver.c libvncserver/rfbserver.c +2 -1

No files found.
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -1770,7 +1770,8 @@ rfbBool rfbProcessFileTransfer(rfbClientPtr cl, uint8_t contentType, uint8_t con
        p = strrchr(buffer, ',');
        if (p!=NULL) {
            *p = '\0';
-            strcpy(szFileTime, p+1);
+            strncpy(szFileTime, p+1, sizeof(szFileTime));
+            szFileTime[sizeof(szFileTime)-1] = '\x00'; /* ensure NULL terminating byte is present, even if copy overflowed */
        } else
            szFileTime[0]=0;