Hi,

I tried to find out by myself where the bug comes from.

I looked at the code upstream, and noticed that they moved the code
responsible for the reply "Unable to query the local user to accept the
connection." a few lines up in unix/xserver/hw/vnc/XserverDesktop.cc

https://github.com/TigerVNC/tigervnc/blob/master/unix/xserver/hw/vnc/XserverDesktop.cc#L314

Looking at the code in rfb::VNCServerST::queryResult
XserverDesktop::queryConnection, it's quite clear.
The 'queryConnectId' variable which triggers the message "Another
connection is currently being queried." is set before the code related
to "Unable to query the local user to accept the connection.", which
doesn't reset the 'queryConnectId' variable.

So it makes sense to move the code before the initialisation of the
queryConnectId.

I built 1.7.0+dfsg-7 with the attached patch on top of the Debian
patches, and it solves the issue.

I didn't look deeper to see if it has side effects, but since the
upstream developers did it too, I guess it could be nice to patch!

This bug is a kind of DoS since it needs the user to restart Xorg
completely to allow the service to be reached again.

Cheers

Pierre
--- tigervnc-1.7.0/unix/xserver/hw/vnc/XserverDesktop.cc	2016-09-08 12:31:18.000000000 +0200
+++ tigervnc-1.7.0.pierre/unix/xserver/hw/vnc/XserverDesktop.cc	2017-10-26 19:19:55.736805114 +0200
@@ -285,19 +285,18 @@
     return rfb::VNCServerST::REJECT;
   }
 
-  queryConnectAddress.replaceBuf(sock->getPeerAddress());
-  if (!userName)
-    userName = "(anonymous)";
-  queryConnectUsername.replaceBuf(strDup(userName));
-  queryConnectId = (uint32_t)(intptr_t)sock;
-  queryConnectSocket = sock;
-
   count = vncNotifyQueryConnect();
   if (count == 0) {
     *reason = strDup("Unable to query the local user to accept the connection.");
     return rfb::VNCServerST::REJECT;
   }
 
+  queryConnectAddress.replaceBuf(sock->getPeerAddress());
+  if (!userName)
+    userName = "(anonymous)";
+  queryConnectUsername.replaceBuf(strDup(userName));
+  queryConnectId = (uint32_t)(intptr_t)sock;
+  queryConnectSocket = sock;
   return rfb::VNCServerST::PENDING;
 }
 
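Review bot: vncNotifyQueryConnect() now runs before queryConnectAddress, queryConnectUsername, queryConnectId and queryConnectSocket are assigned, so anything that reads those fields while the notification is being delivered would see the values left from the previous query, or none at all; please confirm the call does not depend on them being populated first. If it does, an alternative that keeps the original ordering is to reset queryConnectId and queryConnectSocket to their idle values inside the `if (count == 0) {` branch before `return rfb::VNCServerST::REJECT;`. As a style point, keep a blank line between the moved assignments and `return rfb::VNCServerST::PENDING;`, as the original had before that return.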
