From: Eric Blake
Date: Thu, 21 May 2015 06:51:03 -0600
Message-ID: <555DD4B7.5040904@redhat.com>
In-Reply-To: <1432205817-16414-11-git-send-email-berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 10/10] ui: convert VNC to use generic cipher API
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: Kevin Wolf, Paolo Bonzini, Gerd Hoffmann

On 05/21/2015 04:56 AM, Daniel P. Berrange wrote:
> Switch the VNC server over to use the generic cipher API, this
> allows it to use the pluggable DES implementations, instead of
> being hardcoded to use QEMU's built-in impl.
>
> Signed-off-by: Daniel P. Berrange > --- > ui/vnc.c | 52 +++++++++++++++++++++++++++++++++++++++++----------- > 1 file changed, 41 insertions(+), 11 deletions(-) >=20 > @@ -2515,9 +2515,11 @@ static void make_challenge(VncState *vs) > static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_= t len) > { > unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; > - int i, j, pwlen; > + size_t i, pwlen; > unsigned char key[8]; > time_t now =3D time(NULL); > + QCryptoCipher *cipher; > + Error *err; Leaving this uninitialized... > =20 > if (!vs->vd->password) { > VNC_DEBUG("No password configured on server"); 
> @@ -2534,9 +2536,29 @@ static int protocol_client_auth_vnc(VncState *vs= , uint8_t *data, size_t len) > pwlen =3D strlen(vs->vd->password); > for (i=3D0; i key[i] =3D ivd->password[i] : 0; > - deskey(key, EN0); > - for (j =3D 0; j < VNC_AUTH_CHALLENGE_SIZE; j +=3D 8) > - des(response+j, response+j); > + > + cipher =3D qcrypto_cipher_new( > + QCRYPTO_CIPHER_ALG_DES_RFB, > + QCRYPTO_CIPHER_MODE_ECB, > + key, G_N_ELEMENTS(key), > + &err);

means that qcrypto_cipher_new may assert if it tries to set an error but dereferences bogus memory. Local errors must always start life at NULL.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
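Review bot: in the first hunk (@@ -2515,9 +2515,11 @@), the added declaration `Error *err;` has no initializer, so the pointer holds whatever was on the stack when its address is later handed to `qcrypto_cipher_new(`. Declare it as `Error *err = NULL;` so the callee sees an empty error slot. The switch of `pwlen` to `size_t` in the same hunk fits the `strlen()` result it is assigned from and needs no change.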
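Review bot: in the second hunk (@@ -2534,9 +2536,29 @@), the removed `deskey(key, EN0);` and `des(response+j, response+j);` calls had no failure path, while the replacement `qcrypto_cipher_new(` call takes `&err` and so can fail. The quoted lines end at that call, so no check of `cipher` is visible here. The code that follows should test the returned `cipher` before using it, report and free `err` on failure, and reject the authentication attempt on that path, so that a cipher setup error never falls through to the response comparison.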