From: Christian Beier <dontmind@freeshell.org>
Date: Sat, 29 Sep 2018 21:10:32 +0200
Subject: LibVNCClient: don't leak uninitialised memory to remote
Origin: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-20022
Bug-Debian: https://bugs.debian.org/916941
Bug: https://github.com/LibVNC/libvncserver/issues/252

The pad fields of the rfbClientCutTextMsg and rfbKeyEventMsg could contain arbitray memory belonging to the process,
don't leak this to the remote.

Closes #252
---
 libvncclient/rfbproto.c | 2 ++
 1 file changed, 2 insertions(+)

--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -1739,6 +1739,7 @@
 
   if (!SupportsClient2Server(client, rfbKeyEvent)) return TRUE;
 
+  memset(&ke, 0, sizeof(ke));
   ke.type = rfbKeyEvent;
   ke.down = down ? 1 : 0;
   ke.key = rfbClientSwap32IfLE(key);
@@ -1757,6 +1758,7 @@
 
   if (!SupportsClient2Server(client, rfbClientCutText)) return TRUE;
 
+  memset(&cct, 0, sizeof(cct));
   cct.type = rfbClientCutText;
   cct.length = rfbClientSwap32IfLE(len);
   return  (WriteToRFBServer(client, (char *)&cct, sz_rfbClientCutTextMsg) &&