Handle server name overflow properly We need to make sure it is null terminated on truncation. We also need to avoid giving a too large size argument or modern gcc will complain.

commit: 7240f62ddc06643f982456c05c11d8afe5422069 [log] [tgz]
author: Pierre Ossman <ossman@cendio.se> Tue Mar 26 11:11:20 2019 +0100
committer: Pierre Ossman <ossman@cendio.se> Tue Mar 26 11:11:20 2019 +0100
tree: b4edd3f32545dd2950eed16baa806516709e16ae
parent: 78bdd1700c4e42b492286a2af25bea0825848f99 [diff]
diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
index d7cbd6e..4a8370b 100644
--- a/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx

@@ -411,7 +411,8 @@
       newServerName = loadViewerParameters(vncServerName);
       // This might be empty, but we still need to clear it so we
       // don't try to connect to the filename
-      strncpy(vncServerName, newServerName, VNCSERVERNAMELEN);
+      strncpy(vncServerName, newServerName, VNCSERVERNAMELEN-1);
+      vncServerName[VNCSERVERNAMELEN-1] = '\0';
     } catch (rfb::Exception& e) {
       vlog.error("%s", e.str());
       if (alertOnFatalError)
@@ -541,8 +542,10 @@
   try {
     const char* configServerName;
     configServerName = loadViewerParameters(NULL);
-    if (configServerName != NULL)
-      strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN);
+    if (configServerName != NULL) {
+      strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN-1);
+      defaultServerName[VNCSERVERNAMELEN-1] = '\0';
+    }
   } catch (rfb::Exception& e) {
     vlog.error("%s", e.str());
     if (alertOnFatalError)
commit	7240f62ddc06643f982456c05c11d8afe5422069	[log] [tgz]
author	Pierre Ossman <ossman@cendio.se>	Tue Mar 26 11:11:20 2019 +0100
committer	Pierre Ossman <ossman@cendio.se>	Tue Mar 26 11:11:20 2019 +0100
tree	b4edd3f32545dd2950eed16baa806516709e16ae
parent	78bdd1700c4e42b492286a2af25bea0825848f99 [diff]