Do not crash passwd when using malloc perturb checks

Resolves: bz#1631483
2018-09-25 11:44:29 +02:00 · 2018-09-25 11:44:29 +02:00 · cdb07f6fa9
commit cdb07f6fa9
parent 9c672c186e
2 changed files with 49 additions and 1 deletions
--- a/tigervnc-passwd-crash-with-malloc-checks.patch
+++ b/tigervnc-passwd-crash-with-malloc-checks.patch
@ -0,0 +1,41 @@
+diff --git a/common/rfb/Password.cxx b/common/rfb/Password.cxx
+index 240c9d4..cf9362e 100644
+--- a/common/rfb/Password.cxx
+++ b/common/rfb/Password.cxx
+@@ -55,7 +55,7 @@ PlainPasswd::~PlainPasswd() {
+
+ void PlainPasswd::replaceBuf(char* b) {
+   if (buf)
+-    memset(buf, 0, strlen(buf));
+    memset(buf, 0, length ? length : strlen(buf));
+   CharArray::replaceBuf(b);
+ }
+
+diff --git a/common/rfb/util.h b/common/rfb/util.h
+index b678b89..fffe322 100644
+--- a/common/rfb/util.h
+++ b/common/rfb/util.h
+@@ -50,16 +50,21 @@ namespace rfb {
+     CharArray() : buf(0) {}
+     CharArray(char* str) : buf(str) {} // note: assumes ownership
+     CharArray(int len) {
+      length = len;
+       buf = new char[len];
+     }
+     ~CharArray() {
+-      delete [] buf;
+      if (buf) {
+        delete [] buf;
+        buf = nullptr;
+      }
+     }
+     void format(const char *fmt, ...) __printf_attr(2, 3);
+     // Get the buffer pointer & clear it (i.e. caller takes ownership)
+     char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
+-    void replaceBuf(char* b) {delete [] buf; buf = b;}
+    void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
+     char* buf;
+    int length = 0;
+   private:
+     CharArray(const CharArray&);
+     CharArray& operator=(const CharArray&);
--- a/tigervnc.spec
+++ b/tigervnc.spec
@ -1,6 +1,6 @@
 Name:           tigervnc
 Version:        1.9.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        A TigerVNC remote display system

 %global _hardened_build 1
@ -21,6 +21,7 @@ Patch3:         tigervnc-shebang.patch
 Patch4:         tigervnc-xstartup.patch
 Patch5:         tigervnc-utilize-system-crypto-policies.patch
 Patch6:         tigervnc-ignore-buttons-in-mouse-leave-event.patch
+Patch7:         tigervnc-passwd-crash-with-malloc-checks.patch

 Patch100:       tigervnc-xserver120.patch

@ -159,6 +160,8 @@ popd

 %patch6 -p1 -b .ignore-buttons-in-mouse-leave-event

+%patch7 -p1 -b .tigervnc-passwd-crash-with-malloc-checks
+
 %build
 %ifarch sparcv9 sparc64 s390 s390x
 export CFLAGS="$RPM_OPT_FLAGS -fPIC"
@ -304,6 +307,10 @@ install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.c
 %{_datadir}/icons/hicolor/*/apps/*

 %changelog
+* Tue Sep 25 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-3
+- Do not crash passwd when using malloc perturb checks
+  Resolves: bz#1631483
+
 * Wed Aug 01 2018 Jan Grulich <jgrulich@redhat.com> - 1.9.0-2
 - Ignore buttons in mouse leave events
  Resolves: bz#1609516