Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_tigervnc / 546b2ad80a68e80a737aade06f0685cccb5e9716^! / . / common
commit546b2ad80a68e80a737aade06f0685cccb5e9716[log] [tgz]
authorPierre Ossman <ossman@cendio.se>Thu May 02 12:32:03 2019 +0200
committerPierre Ossman <ossman@cendio.se>Mon Jul 01 10:38:35 2019 +0200
tree60c577e30c103c16175047ea11c2bcee2b101258
parent2ff61a285efda80cca7f1855aca23b99149bac8c [diff]
Make sure clipboard uses \n line endings

This is required by the protocol so we should make sure it is
enforced. We are tolerant of clients that violate this though and
convert incoming clipboard data.

diff --git a/common/rfb/CMsgReader.cxx b/common/rfb/CMsgReader.cxx
index 2b5b9fb..a928eb1 100644
--- a/common/rfb/CMsgReader.cxx
+++ b/common/rfb/CMsgReader.cxx

@@ -157,10 +157,10 @@
     vlog.error("cut text too long (%d bytes) - ignoring",len);
     return;
   }
-  CharArray ca(len+1);
-  ca.buf[len] = 0;
+  CharArray ca(len);
   is->readBytes(ca.buf, len);
-  handler->serverCutText(ca.buf, len);
+  CharArray filtered(convertLF(ca.buf, len));
+  handler->serverCutText(filtered.buf, strlen(filtered.buf));
 }
 
 void CMsgReader::readFence()

diff --git a/common/rfb/CMsgWriter.cxx b/common/rfb/CMsgWriter.cxx
index d357c97..fed0bd2 100644
--- a/common/rfb/CMsgWriter.cxx
+++ b/common/rfb/CMsgWriter.cxx

@@ -181,6 +181,9 @@
 
 void CMsgWriter::writeClientCutText(const char* str, rdr::U32 len)
 {
+  if (memchr(str, '\r', len) != NULL)
+    throw Exception("Invalid carriage return in clipboard data");
+
   startMsg(msgTypeClientCutText);
   os->pad(3);
   os->writeU32(len);

diff --git a/common/rfb/SMsgReader.cxx b/common/rfb/SMsgReader.cxx
index 200350c..0c0e8b2 100644
--- a/common/rfb/SMsgReader.cxx
+++ b/common/rfb/SMsgReader.cxx

@@ -212,10 +212,10 @@
     vlog.error("Cut text too long (%d bytes) - ignoring", len);
     return;
   }
-  CharArray ca(len+1);
-  ca.buf[len] = 0;
+  CharArray ca(len);
   is->readBytes(ca.buf, len);
-  handler->clientCutText(ca.buf, len);
+  CharArray filtered(convertLF(ca.buf, len));
+  handler->clientCutText(filtered.buf, strlen(filtered.buf));
 }
 
 void SMsgReader::readQEMUMessage()

diff --git a/common/rfb/SMsgWriter.cxx b/common/rfb/SMsgWriter.cxx
index 6a2c2ba..f0748ff 100644
--- a/common/rfb/SMsgWriter.cxx
+++ b/common/rfb/SMsgWriter.cxx

@@ -80,6 +80,9 @@
 
 void SMsgWriter::writeServerCutText(const char* str, int len)
 {
+  if (memchr(str, '\r', len) != NULL)
+    throw Exception("Invalid carriage return in clipboard data");
+
   startMsg(msgTypeServerCutText);
   os->pad(3);
   os->writeU32(len);

diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx
index c95c14f..7820aef 100644
--- a/common/rfb/VNCServerST.cxx
+++ b/common/rfb/VNCServerST.cxx

@@ -342,6 +342,8 @@
 
 void VNCServerST::serverCutText(const char* str, int len)
 {
+  if (memchr(str, '\r', len) != NULL)
+    throw Exception("Invalid carriage return in clipboard data");
   std::list<VNCSConnectionST*>::iterator ci, ci_next;
   for (ci = clients.begin(); ci != clients.end(); ci = ci_next) {
     ci_next = ci; ci_next++;

diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
index f52213b..f43a945 100644
--- a/common/rfb/util.cxx
+++ b/common/rfb/util.cxx

@@ -1,4 +1,5 @@
 /* Copyright (C) 2002-2005 RealVNC Ltd.  All Rights Reserved.
+ * Copyright 2011-2019 Pierre Ossman for Cendio AB
  * 
  * This is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -107,6 +108,61 @@
     dest[src ? destlen-1 : 0] = 0;
   }
 
+  char* convertLF(const char* src, size_t bytes)
+  {
+    char* buffer;
+    size_t sz;
+
+    char* out;
+    const char* in;
+    size_t in_len;
+
+    // Always include space for a NULL
+    sz = 1;
+
+    // Compute output size
+    in = src;
+    in_len = bytes;
+    while ((*in != '\0') && (in_len > 0)) {
+      if (*in != '\r') {
+        sz++;
+        in++;
+        in_len--;
+        continue;
+      }
+
+      if ((in_len == 0) || (*(in+1) != '\n'))
+        sz++;
+
+      in++;
+      in_len--;
+    }
+
+    // Alloc
+    buffer = new char[sz];
+    memset(buffer, 0, sz);
+
+    // And convert
+    out = buffer;
+    in = src;
+    in_len = bytes;
+    while ((*in != '\0') && (in_len > 0)) {
+      if (*in != '\r') {
+        *out++ = *in++;
+        in_len--;
+        continue;
+      }
+
+      if ((in_len == 0) || (*(in+1) != '\n'))
+        *out++ = '\n';
+
+      in++;
+      in_len--;
+    }
+
+    return buffer;
+  }
+
   unsigned msBetween(const struct timeval *first,
                      const struct timeval *second)
   {

diff --git a/common/rfb/util.h b/common/rfb/util.h
index 9e59bd3..de09669 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h

@@ -1,4 +1,5 @@
 /* Copyright (C) 2002-2005 RealVNC Ltd.  All Rights Reserved.
+ * Copyright 2011-2019 Pierre Ossman for Cendio AB
  * 
  * This is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -83,6 +84,9 @@
   // Copies src to dest, up to specified length-1, and guarantees termination
   void strCopy(char* dest, const char* src, int destlen);
 
+  // Makes sure line endings are in a certain format
+
+  char* convertLF(const char* src, size_t bytes = (size_t)-1);
 
   // HELPER functions for timeout handling