Memory leaks in src/libvncserver/rfbserver.c, src/libvncserver/sockets.c, src/libvncserver/rfbserver.c

Open shaue188 opened this issue 7 months ago • 1 comments

Additional context

Our company uses libvncserver in our product. I am working on static analysis, and one of my tasks was to scan the libvncserver package. During the scan, I found some errors in the code:

Describe errors

  1. https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/rfbserver.c#L1409 Handle dirp is created by calling function 'opendir' and lost at https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/rfbserver.c#L1415, need closedir(dirp) there.

  2. https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/sockets.c#L1211 Handle 'sock' is created by calling function 'socket' and lost at https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/sockets.c#L1216 and https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/sockets.c#L1219, need close(sock) there.

  3. https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/rfbserver.c#L347 Dynamic memory, referenced by 'cl->host', is allocated by calling function 'strdup' and lost at https://github.com/LibVNC/libvncserver/blob/master/src/libvncserver/rfbserver.c#L364, possibly need rfbCloseClient(cl) there

shaue188, Apr 28 '25 22:04
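The first report above (a handle from `opendir` lost on an early return) follows a pattern that is easy to reproduce and measure. The following is an added example, not code from libvncserver or from the issue author: `first_entry_leaky`, `first_entry_fixed` and `open_fd_count` are hypothetical names, and the too-small-buffer early return is a constructed stand-in for the real error path. The same single-exit shape applies to the `socket`/`close` and `strdup`/`free` cases in items 2 and 3.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

/* Count open descriptors (first 256 slots) so a leak becomes visible. */
int open_fd_count(void) {
    int n = 0;
    for (int fd = 0; fd < 256; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Leaky (constructed): the early return drops the DIR handle. */
int first_entry_leaky(const char *path, char *out, size_t outlen) {
    DIR *dirp = opendir(path);
    if (dirp == NULL) return -1;
    struct dirent *de = readdir(dirp);
    if (de == NULL || strlen(de->d_name) >= outlen)
        return -1;                  /* dirp is lost here */
    strcpy(out, de->d_name);
    closedir(dirp);
    return 0;
}

/* Fixed: every exit after opendir() passes through closedir(). */
int first_entry_fixed(const char *path, char *out, size_t outlen) {
    int rc = -1;
    DIR *dirp = opendir(path);
    if (dirp == NULL) return -1;
    struct dirent *de = readdir(dirp);
    if (de != NULL && strlen(de->d_name) < outlen) {
        strcpy(out, de->d_name);
        rc = 0;
    }
    closedir(dirp);
    return rc;
}

int main(void) {
    char tiny[1];                   /* forces the error path */
    int before = open_fd_count();
    first_entry_leaky(".", tiny, sizeof tiny);
    printf("leaky: %+d fds\n", open_fd_count() - before);
    before = open_fd_count();
    first_entry_fixed(".", tiny, sizeof tiny);
    printf("fixed: %+d fds\n", open_fd_count() - before);
    return 0;
}
```

In a long-running server each pass through the leaky error path consumes one descriptor until the process hits its descriptor limit, which is why such findings matter even when each individual leak is small.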

Thanks for spotting - happy about one or three PRs!

bk138, Apr 29 '25 21:04