Hi, what is the status of this security bug? The Fedora crew decided to disable access to the QEMU monitor via VNC. Does the Debian team want to take the same road? Some sort of applied patch for this is attached (but it still needs to be checked). Some short feedback on this bug report would be much appreciated. Thanks for your efforts.
Cheers Steffen
--- vnc.c.orig 2007-09-03 12:47:50.000000000 +0000
+++ vnc.c 2007-09-03 12:47:29.000000000 +0000
@@ -112,9 +112,7 @@
int visible_y;
int visible_w;
int visible_h;
-
- int ctl_keys; /* Ctrl+Alt starts calibration */
- int shift_keys; /* Shift / CapsLock keys */
+
int numlock;
};
@@ -863,119 +861,17 @@
static void do_key_event(VncState *vs, int down, uint32_t sym)
{
+ int keycode;
sym &= 0xFFFF;
- if (is_graphic_console()) {
- int keycode;
- int numlock;
-
- keycode = keysym2scancode(vs->kbd_layout, sym);
- numlock = keysym2numlock(vs->kbd_layout, sym);
-
- /* If the numlock state needs to change then simulate an additional
- keypress before sending this one. This will happen if the user
- toggles numlock away from the VNC window.
- */
- if (numlock == 1) {
- if (!vs->numlock) {
- vs->numlock = 1;
- press_key(vs, XK_Num_Lock);
- }
- }
- else if (numlock == -1) {
- if (vs->numlock) {
- vs->numlock = 0;
- press_key(vs, XK_Num_Lock);
- }
- }
-
- if (keycode & 0x80)
- kbd_put_keycode(0xe0);
- if (down)
- kbd_put_keycode(keycode & 0x7f);
- else
- kbd_put_keycode(keycode | 0x80);
- } else if (down) {
- int qemu_keysym = 0;
-
- if (sym <= 128) { /* normal ascii */
- int shifted = vs->shift_keys == 1 || vs->shift_keys == 2;
- qemu_keysym = sym;
- if (sym >= 'a' && sym <= 'z' && shifted)
- qemu_keysym -= 'a' - 'A';
- } else {
- switch (sym) {
- case XK_Up: qemu_keysym = QEMU_KEY_UP; break;
- case XK_Down: qemu_keysym = QEMU_KEY_DOWN; break;
- case XK_Left: qemu_keysym = QEMU_KEY_LEFT; break;
- case XK_Right: qemu_keysym = QEMU_KEY_RIGHT; break;
- case XK_Home: qemu_keysym = QEMU_KEY_HOME; break;
- case XK_End: qemu_keysym = QEMU_KEY_END; break;
- case XK_Page_Up: qemu_keysym = QEMU_KEY_PAGEUP; break;
- case XK_Page_Down: qemu_keysym = QEMU_KEY_PAGEDOWN; break;
- case XK_BackSpace: qemu_keysym = QEMU_KEY_BACKSPACE; break;
- case XK_Delete: qemu_keysym = QEMU_KEY_DELETE; break;
- case XK_Return:
- case XK_Linefeed: qemu_keysym = sym; break;
- default: break;
- }
- }
- if (qemu_keysym != 0)
- kbd_put_keysym(qemu_keysym);
- }
-
- if (down) {
- switch (sym) {
- case XK_Control_L:
- vs->ctl_keys |= 1;
- break;
-
- case XK_Alt_L:
- vs->ctl_keys |= 2;
- break;
-
- case XK_Shift_L:
- vs->shift_keys |= 1;
- break;
-
- default:
- break;
- }
- } else {
- switch (sym) {
- case XK_Control_L:
- vs->ctl_keys &= ~1;
- break;
-
- case XK_Alt_L:
- vs->ctl_keys &= ~2;
- break;
-
- case XK_Shift_L:
- vs->shift_keys &= ~1;
- break;
-
- case XK_Caps_Lock:
- vs->shift_keys ^= 2;
- break;
-
- case XK_Num_Lock:
- vs->numlock = !vs->numlock;
- break;
+ keycode = keysym2scancode(vs->kbd_layout, sym);
+ if (keycode & 0x80)
+ kbd_put_keycode(0xe0);
+ if (down)
+ kbd_put_keycode(keycode & 0x7f);
+ else
+ kbd_put_keycode(keycode | 0x80);
- case XK_1 ... XK_9:
- if ((vs->ctl_keys & 3) != 3)
- break;
-
- console_select(sym - XK_1);
- if (is_graphic_console()) {
- /* tell the vga console to redisplay itself */
- vga_hw_invalidate();
- vnc_dpy_update(vs->ds, 0, 0, vs->ds->width, vs->ds->height);
- }
- break;
- }
- }
}
static void key_event(VncState *vs, int down, uint32_t sym)
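Review bot: The rewritten `do_key_event` drops two things that are not needed to close the monitor path: the `is_graphic_console()` guard and the NumLock resynchronisation. Without the guard, scancodes from a VNC client go to the guest keyboard even when a text console happens to be the active one, so an early `if (!is_graphic_console()) return;` is the safer default. The first hunk keeps `int numlock;` in the state struct, but nothing in this function reads or updates it any more, so keypad keys can drift out of step with the client once NumLock is toggled outside the VNC window. Keeping the `keysym2numlock` block and the `XK_Num_Lock` release tracking avoids that regression. Whether `console_select` has other callers is not visible in this patch and is worth checking before treating it as the whole fix.

```c
static void do_key_event(VncState *vs, int down, uint32_t sym)
{
    int keycode;
    int numlock;

    sym &= 0xFFFF;

    /* The monitor and other text consoles take no input from VNC. */
    if (!is_graphic_console())
        return;

    keycode = keysym2scancode(vs->kbd_layout, sym);
    numlock = keysym2numlock(vs->kbd_layout, sym);

    /* Resync the guest's NumLock state before sending the key. */
    if (numlock == 1 && !vs->numlock) {
        vs->numlock = 1;
        press_key(vs, XK_Num_Lock);
    } else if (numlock == -1 && vs->numlock) {
        vs->numlock = 0;
        press_key(vs, XK_Num_Lock);
    }

    /* ... unchanged: 0xe0 prefix and make/break kbd_put_keycode calls ... */

    /* Track NumLock toggles made inside the VNC window. */
    if (!down && sym == XK_Num_Lock)
        vs->numlock = !vs->numlock;
}
```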

