All of lore.kernel.org
 help / color / mirror / Atom feed
* [Qemu-devel] [Bug 1637447] [NEW] VNC/RFB: QEMU reports incorrect name (length)
@ 2016-10-28  9:30 cardamon
  2016-10-28  9:57 ` [Qemu-devel] [Bug 1637447] " Jakob van Kruijssen
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: cardamon @ 2016-10-28  9:30 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

If the name of a machine (as set with the -name argument) has a length
longer than 1024, (RFB) VNC clients will not receive a correct RFB
ServerInit message.

I suspect this is the problem:

https://github.com/qemu/qemu/blob/master/ui/vnc.c#L2463

The return value of snprintf is used as the value for the name-length field in the ServerInit message.
This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.

I think a quick fix would be to simply report min(size,1024) to the
client...

** Affects: qemu
     Importance: Undecided
         Status: New


** Tags: rfb vnc

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1637447

Title:
  VNC/RFB: QEMU reports incorrect name (length)

Status in QEMU:
  New

Bug description:
  If the name of a machine (as set with the -name argument) has a length
  longer than 1024, (RFB) VNC clients will not receive a correct RFB
  ServerInit message.

  I suspect this is the problem:

  https://github.com/qemu/qemu/blob/master/ui/vnc.c#L2463

  The return value of snprintf is used as the value for the name-length field in the ServerInit message.
  This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.

  I think a quick fix would be to simply report min(size,1024) to the
  client...

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1637447/+subscriptions

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Qemu-devel] [Bug 1637447] Re: VNC/RFB: QEMU reports incorrect name (length)
  2016-10-28  9:30 [Qemu-devel] [Bug 1637447] [NEW] VNC/RFB: QEMU reports incorrect name (length) cardamon
@ 2016-10-28  9:57 ` Jakob van Kruijssen
  2016-10-28 10:00 ` Daniel Berrange
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Jakob van Kruijssen @ 2016-10-28  9:57 UTC (permalink / raw)
  To: qemu-devel

** Description changed:

  If the name of a machine (as set with the -name argument) has a length
  longer than 1024, (RFB) VNC clients will not receive a correct RFB
  ServerInit message.
  
  I suspect this is the problem:
  
- https://github.com/qemu/qemu/blob/master/ui/vnc.c#L2463
+ https://github.com/qemu/qemu/blob/v2.7.0-rc5/ui/vnc.c#L2459
  
  The return value of snprintf is used as the value for the name-length field in the ServerInit message.
  This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.
  
  I think a quick fix would be to simply report min(size,1024) to the
  client...

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1637447

Title:
  VNC/RFB: QEMU reports incorrect name (length)

Status in QEMU:
  New

Bug description:
  If the name of a machine (as set with the -name argument) has a length
  longer than 1024, (RFB) VNC clients will not receive a correct RFB
  ServerInit message.

  I suspect this is the problem:

  https://github.com/qemu/qemu/blob/v2.7.0-rc5/ui/vnc.c#L2459

  The return value of snprintf is used as the value for the name-length field in the ServerInit message.
  This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.

  I think a quick fix would be to simply report min(size,1024) to the
  client...

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1637447/+subscriptions

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Qemu-devel] [Bug 1637447] Re: VNC/RFB: QEMU reports incorrect name (length)
  2016-10-28  9:30 [Qemu-devel] [Bug 1637447] [NEW] VNC/RFB: QEMU reports incorrect name (length) cardamon
  2016-10-28  9:57 ` [Qemu-devel] [Bug 1637447] " Jakob van Kruijssen
@ 2016-10-28 10:00 ` Daniel Berrange
  2017-01-11  6:29 ` Thomas Huth
  2017-04-24  7:43 ` Thomas Huth
  3 siblings, 0 replies; 5+ messages in thread
From: Daniel Berrange @ 2016-10-28 10:00 UTC (permalink / raw)
  To: qemu-devel

The right fix here is to switch to use g_strdup_printf and avoid a fixed
length stack buffer entirely.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1637447

Title:
  VNC/RFB: QEMU reports incorrect name (length)

Status in QEMU:
  New

Bug description:
  If the name of a machine (as set with the -name argument) has a length
  longer than 1024, (RFB) VNC clients will not receive a correct RFB
  ServerInit message.

  I suspect this is the problem:

  https://github.com/qemu/qemu/blob/v2.7.0-rc5/ui/vnc.c#L2459

  The return value of snprintf is used as the value for the name-length field in the ServerInit message.
  This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.

  I think a quick fix would be to simply report min(size,1024) to the
  client...

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1637447/+subscriptions

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Qemu-devel] [Bug 1637447] Re: VNC/RFB: QEMU reports incorrect name (length)
  2016-10-28  9:30 [Qemu-devel] [Bug 1637447] [NEW] VNC/RFB: QEMU reports incorrect name (length) cardamon
  2016-10-28  9:57 ` [Qemu-devel] [Bug 1637447] " Jakob van Kruijssen
  2016-10-28 10:00 ` Daniel Berrange
@ 2017-01-11  6:29 ` Thomas Huth
  2017-04-24  7:43 ` Thomas Huth
  3 siblings, 0 replies; 5+ messages in thread
From: Thomas Huth @ 2017-01-11  6:29 UTC (permalink / raw)
  To: qemu-devel

Fix has been committed:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=97efe4f961dcf5a0126

** Changed in: qemu
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1637447

Title:
  VNC/RFB: QEMU reports incorrect name (length)

Status in QEMU:
  Fix Committed

Bug description:
  If the name of a machine (as set with the -name argument) has a length
  longer than 1024, (RFB) VNC clients will not receive a correct RFB
  ServerInit message.

  I suspect this is the problem:

  https://github.com/qemu/qemu/blob/v2.7.0-rc5/ui/vnc.c#L2459

  The return value of snprintf is used as the value for the name-length field in the ServerInit message.
  This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.

  I think a quick fix would be to simply report min(size,1024) to the
  client...

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1637447/+subscriptions

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Qemu-devel] [Bug 1637447] Re: VNC/RFB: QEMU reports incorrect name (length)
  2016-10-28  9:30 [Qemu-devel] [Bug 1637447] [NEW] VNC/RFB: QEMU reports incorrect name (length) cardamon
                   ` (2 preceding siblings ...)
  2017-01-11  6:29 ` Thomas Huth
@ 2017-04-24  7:43 ` Thomas Huth
  3 siblings, 0 replies; 5+ messages in thread
From: Thomas Huth @ 2017-04-24  7:43 UTC (permalink / raw)
  To: qemu-devel

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1637447

Title:
  VNC/RFB: QEMU reports incorrect name (length)

Status in QEMU:
  Fix Released

Bug description:
  If the name of a machine (as set with the -name argument) has a length
  longer than 1024, (RFB) VNC clients will not receive a correct RFB
  ServerInit message.

  I suspect this is the problem:

  https://github.com/qemu/qemu/blob/v2.7.0-rc5/ui/vnc.c#L2459

  The return value of snprintf is used as the value for the name-length field in the ServerInit message.
  This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.

  I think a quick fix would be to simply report min(size,1024) to the
  client...

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1637447/+subscriptions

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-04-24  7:50 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-10-28  9:30 [Qemu-devel] [Bug 1637447] [NEW] VNC/RFB: QEMU reports incorrect name (length) cardamon
2016-10-28  9:57 ` [Qemu-devel] [Bug 1637447] " Jakob van Kruijssen
2016-10-28 10:00 ` Daniel Berrange
2017-01-11  6:29 ` Thomas Huth
2017-04-24  7:43 ` Thomas Huth

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.