On 05/21/2015 04:56 AM, Daniel P. Berrange wrote:
> Switch the VNC server over to use the generic cipher API, this
> allows it to use the pluggable DES implementations, instead of
> being hardcoded to use QEMU's built-in impl.
>
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> ---
>  ui/vnc.c | 52 +++++++++++++++++++++++++++++++++++++++++-----------
>  1 file changed, 41 insertions(+), 11 deletions(-)
>
> @@ -2515,9 +2515,11 @@ static void make_challenge(VncState *vs) > static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) > { > unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; > - int i, j, pwlen; > + size_t i, pwlen; > unsigned char key[8]; > time_t now = time(NULL); > + QCryptoCipher *cipher; > + Error *err; Leaving this uninitialized... > > if (!vs->vd->password) { > VNC_DEBUG("No password configured on server"); > @@ -2534,9 +2536,29 @@ static int protocol_client_auth_vnc(VncState *vs, > uint8_t *data, size_t len) > pwlen = strlen(vs->vd->password); > for (i=0; i<sizeof(key); i++) > key[i] = i<pwlen ? vs->vd->password[i] : 0; > - deskey(key, EN0); > - for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) > - des(response+j, response+j); > + > + cipher = qcrypto_cipher_new( > + QCRYPTO_CIPHER_ALG_DES_RFB, > + QCRYPTO_CIPHER_MODE_ECB, > + key, G_N_ELEMENTS(key), > + &err); means that gcrypto_cipher_new may assert if it tries to set an error but dereferences bogus memory. Local errors must always start life at NULL. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
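Review bot: `Error *err;` in the first hunk (the declarations of protocol_client_auth_vnc) has no initializer, and the second hunk passes `&err` to qcrypto_cipher_new. Declare it as `Error *err = NULL;` so the callee receives an empty error slot, and do the same for any other local Error pointer the patch introduces.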
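Review bot: In the second hunk the key length is passed as `G_N_ELEMENTS(key)` while the loop just above fills the buffer using `sizeof(key)`; both evaluate to 8 for `unsigned char key[8]`, but one spelling in both places makes it clear the same bound is meant. The quoted text stops at the qcrypto_cipher_new call, so the failure path is not visible here: it should test the returned cipher for NULL, report and free `err`, and reject the authentication attempt.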
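The rule stated in the reply above, that a local error pointer must be NULL before its address is passed to a function that may set it, shown as an added C example that is not part of the original message or of QEMU's code. `DemoError`, `demo_error_set`, `demo_cipher_new` and the two callers are hypothetical stand-ins for the error-pointer convention, and the leftover non-NULL value is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical error object for this demo; not QEMU's Error type. */
typedef struct DemoError { char msg[64]; } DemoError;

enum { NO_ERROR = 0, ERROR_STORED = 1, CONTRACT_BROKEN = 2 };

/* Store an error in *errp. Contract: *errp must be NULL on entry.
 * A checking implementation would assert; this demo reports the violation. */
static int demo_error_set(DemoError **errp, const char *msg)
{
    if (*errp != NULL) return CONTRACT_BROKEN;  /* stale or uninitialized */
    *errp = calloc(1, sizeof(**errp));
    if (*errp == NULL) abort();
    strncpy((*errp)->msg, msg, sizeof((*errp)->msg) - 1);
    return ERROR_STORED;
}

/* Hypothetical constructor: only an 8-byte key is accepted. */
static int demo_cipher_new(size_t keylen, DemoError **errp)
{
    return keylen == 8 ? NO_ERROR : demo_error_set(errp, "bad key length");
}

/* Correct caller: the local error pointer starts life at NULL. */
static int caller_initialized(size_t keylen)
{
    DemoError *err = NULL;
    int rc = demo_cipher_new(keylen, &err);
    free(err);                    /* free(NULL) is a no-op on success */
    return rc;
}

/* Models the bug. Reading a truly uninitialized local is undefined
 * behaviour, so the leftover non-NULL value is constructed here. */
static int caller_stale(size_t keylen)
{
    static DemoError leftover;    /* constructed stand-in for stack garbage */
    DemoError *err = &leftover;
    return demo_cipher_new(keylen, &err);
}

int main(void)
{
    return !(caller_initialized(8) == NO_ERROR &&
             caller_initialized(4) == ERROR_STORED &&
             caller_stale(4) == CONTRACT_BROKEN);
}
```

The stale caller only misbehaves on the failure path, which is why this class of bug tends to survive testing that exercises only successful calls.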