From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56513)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YaR6m-0003VF-Hv
	for qemu-devel@nongnu.org; Tue, 24 Mar 2015 11:51:13 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YaR6g-0007sS-LV
	for qemu-devel@nongnu.org; Tue, 24 Mar 2015 11:51:12 -0400
Received: from mx1.redhat.com ([209.132.183.28]:58517)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YaR6g-0007s9-EM
	for qemu-devel@nongnu.org; Tue, 24 Mar 2015 11:51:06 -0400
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t2OFp3er022091
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=FAIL)
	for <qemu-devel@nongnu.org>; Tue, 24 Mar 2015 11:51:04 -0400
Message-ID: <1427212260.18768.28.camel@nilsson.home.kraxel.org>
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 24 Mar 2015 16:51:00 +0100
In-Reply-To: <1427151502-14386-1-git-send-email-berrange@redhat.com>
References: <1427151502-14386-1-git-send-email-berrange@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service
 in VNC websockets
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org

On Mo, 2015-03-23 at 22:58 +0000, Daniel P. Berrange wrote:
> The VNC websockets protocol decoder has two places where it did
> not correctly limit its resource usage when processing data from
> the client. This can be abused by a malicious client to cause QEMU
> to consume all system memory, unless it is otherwise limited by
> ulimits and/or cgroups. These problems can be triggered in the
> websockets layer before the VNC protocol actually starts, so no
> client authentication will have taken place at this point.

Hmm, with patch 1/2 applied novnc disconnects frequently.  Boot messages
on the text (framebuffer) console seems to work fine.  But after logging
in via gdm and trying to do stuff in gnome shell problems are starting.

cheers,
  Gerd