Do not leak clipboard to unauthenticated clients

vino_server_clipboard_cb() in vino-server.c is the callback which is triggered when a clipboard copy event is fired. After doing some initial checks (1. if there are any connected clients, 2. if the server is on hold, etc.), it converts the text to UTF-8 and then passes it on to rfbSendServerCutText(). Here data is pasted to each client, without verifying if the client is authenticated.

The patch checks if the client is authenticated and only then allows the clipboard text to be sent to it.

Fixes bug 678434. This is a security issue, and has been assigned CVE-2012-4429:

http://www.openwall.com/lists/oss-security/2012/09/14/1

parent
a57f8cfa
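
The check described in the commit message, modelled as an added C example; it is not vino's code and not part of this commit. The types, state names and function names are hypothetical, and the clients and clipboard text are constructed; only the ServerCutText layout (type 3, three padding bytes, big-endian length, text) comes from the RFB protocol.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a VNC server's client list; not vino's real types. */
enum state { ST_SECURITY, ST_AUTHENTICATING, ST_NORMAL };
struct client { enum state state; uint8_t out[64]; size_t outlen; };

/* RFB ServerCutText: type 3, 3 padding bytes, big-endian u32 length, text. */
static size_t build_cut_text(uint8_t *buf, size_t cap, const char *text)
{
    size_t len = strlen(text);
    if (cap < 8 || len > cap - 8)
        return 0;                       /* refuse to truncate or overflow */
    memset(buf, 0, 8);
    buf[0] = 3;
    for (int i = 0; i < 4; i++)
        buf[4 + i] = (uint8_t)(len >> (24 - 8 * i));
    memcpy(buf + 8, text, len);
    return 8 + len;
}

/* Queue the clipboard for clients; require_auth == 0 reproduces the leak. */
static void send_cut_text(struct client *c, size_t n, const char *text, int require_auth)
{
    uint8_t msg[64];
    size_t msglen = build_cut_text(msg, sizeof msg, text);
    for (size_t i = 0; msglen && i < n; i++) {
        if (require_auth && c[i].state != ST_NORMAL)
            continue;                   /* handshake not finished: send nothing */
        memcpy(c[i].out, msg, msglen);
        c[i].outlen = msglen;
    }
}

/* Constructed scenario: one authenticated viewer, two that never logged in. */
static int leaked_to_unauthenticated(int require_auth)
{
    struct client c[3] = { { .state = ST_NORMAL }, { .state = ST_SECURITY },
                           { .state = ST_AUTHENTICATING } };
    int leaked = 0;
    send_cut_text(c, 3, "constructed-clipboard-secret", require_auth);
    for (size_t i = 0; i < 3; i++)
        leaked += (c[i].state != ST_NORMAL && c[i].outlen > 0);
    return leaked;
}

int main(void)
{
    return leaked_to_unauthenticated(1); /* exit status 0: nothing leaked */
}
```
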