Commit 9c8b9f81 authored by Huzaifa Sidhpurwala, committed by David King

Do not leak clipboard to unauthenticated clients

vino_server_clipboard_cb() in vino-server.c is the callback which is
triggered when a clipboard copy event is fired.

After doing some initial checks, (1. If there are any connected clients,
2. If the server is on hold etc), it converts the text to UTF-8 and then
passes it on to rfbSendServerCutText(). Here data is pasted to each
client, without verifying if the client is authenticated.

The patch checks if the client is authenticated and only then it allows
the clipboard text to be sent to it.

Fixes bug 678434. This is a security issue, and has been assigned
CVE-2012-4429:
http://www.openwall.com/lists/oss-security/2012/09/14/1
parent a57f8cfa
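
The commit message describes a broadcast loop that sends clipboard text to every connected client regardless of authentication state. The following is an added model of that pattern and of the check the message describes; it is not vino's or libvncserver's code, and every type, state name and function in it is hypothetical, with a constructed client list standing in for real connections.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical connection states; the names are illustrative only. */
enum conn_state { ST_HANDSHAKE, ST_AUTH_PENDING, ST_AUTHENTICATED };

struct client {
    enum conn_state state;
    char inbox[64];            /* stands in for the client's socket */
    struct client *next;
};

/* Stand-in for writing the cut-text message to one client. */
static void deliver(struct client *c, const char *text) {
    strncpy(c->inbox, text, sizeof c->inbox - 1);
    c->inbox[sizeof c->inbox - 1] = '\0';
}

/* Before: every connected client receives the clipboard text. */
size_t send_cut_text_unchecked(struct client *head, const char *text) {
    size_t sent = 0;
    for (struct client *c = head; c; c = c->next) { deliver(c, text); sent++; }
    return sent;
}

/* After: only fully authenticated clients receive it. Comparing against
 * the single "authenticated" state fails closed if new pre-authentication
 * states are added later. */
size_t send_cut_text_checked(struct client *head, const char *text) {
    size_t sent = 0;
    for (struct client *c = head; c; c = c->next) {
        if (c->state != ST_AUTHENTICATED)
            continue;
        deliver(c, text);
        sent++;
    }
    return sent;
}

/* Runs one sender over a constructed list of three clients and counts how
 * many clients that had not finished authenticating received the text. */
size_t leaked_to_unauthenticated(size_t (*send)(struct client *, const char *)) {
    struct client c3 = { ST_AUTHENTICATED, "", NULL };
    struct client c2 = { ST_AUTH_PENDING, "", &c3 };
    struct client c1 = { ST_HANDSHAKE, "", &c2 };
    size_t leaks = 0;
    send(&c1, "constructed clipboard text");
    for (struct client *c = &c1; c; c = c->next)
        if (c->state != ST_AUTHENTICATED && c->inbox[0] != '\0') leaks++;
    return leaks;
}
```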