Skip to content

Reject unsolicited clipboard provides from clients#2126

Closed
hyder365 wants to merge 1 commit into
TigerVNC:masterfrom
hyder365:fix/clipboard-unsolicited-provide
Closed

Reject unsolicited clipboard provides from clients#2126
hyder365 wants to merge 1 commit into
TigerVNC:masterfrom
hyder365:fix/clipboard-unsolicited-provide

Conversation

@hyder365

Copy link
Copy Markdown
Contributor

Track whether a clipboard request is pending and reject clipboardProvide messages that were not explicitly requested. An authenticated client could previously push arbitrary clipboard content that would reach the desktop clipboard without any request, enabling clipboard spoofing attacks against other connected clients.\n\nAlso fixes clipboard store-before-check by moving the access rights check before data storage in both clientCutText and handleClipboardProvide paths.

Track whether a clipboard request is pending and reject clipboardProvide
messages that were not explicitly requested. An authenticated client
with AccessCutText could previously push arbitrary clipboard content
that would reach the desktop clipboard without any request, enabling
clipboard spoofing attacks against other connected clients.

Also fixes clipboard store-before-check: access rights are now
verified before storing clipboard data in both clientCutText() and
handleClipboardProvide() paths.
@CendioOssman

Copy link
Copy Markdown
Member

A malicious client can do that anyway by pushing announce messages. So I'm not sure what the practical difference is here.

What scenario are you targeting that this PR would improve?

@hyder365

Copy link
Copy Markdown
Contributor Author

You're right, a malicious client can just use clipboardNotify to trigger the request and still get its provide accepted. This only blocks the direct push, which isn't much of a win.

@hyder365 hyder365 closed this Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants