~ubuntu-branches/ubuntu/vivid/vino/vivid-proposed

Viewing changes to server/libvncserver/rfbserver.c

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2013-01-18 11:23:12 UTC
Revision ID: package-import@ubuntu.com-20130118112312-qisprkvun8b72xk8

Tags: 3.6.2-0ubuntu2

* SECURITY UPDATE: clipboard leak to unauthenticated clients
  - debian/patches/CVE-2012-4429.patch: make sure client is authenticated
    in server/libvncserver/rfbserver.c.
  - CVE-2012-4429

files added:
.pc/CVE-2012-4429.patch

.pc/CVE-2012-4429.patch/server

.pc/CVE-2012-4429.patch/server/libvncserver

.pc/CVE-2012-4429.patch/server/libvncserver/rfbserver.c

debian/patches/CVE-2012-4429.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

server/libvncserver/rfbserver.c

Show diffs side-by-side

added added

removed removed

server/libvncserver/rfbserver.c

1522

1523

1524

1525

* rfbSendServerCutText sends a ServerCutText message to all the clients.

1525

* rfbSendServerCutText sends a ServerCutText message to all the authenticated

1526

* clients.

1526

1527

1528

1529

void

1534

1535

1536

iterator = rfbGetClientIterator(rfbScreen);

1536

1537

while ((cl = rfbClientIteratorNext(iterator)) != NULL) {

1538

/* Client is not authenticated, ignore. See GNOME bug 678434. */

1539

if (cl->state != RFB_NORMAL)

1540

continue;

1541

1537

1542

sct.type = rfbServerCutText;

1538

1543

sct.length = Swap32IfLE(len);

1539

1544

if (WriteExact(cl, (char *)&sct,

Older »