On Thu, Dec 16, 2021 at 10:48:53AM +0000, Daniel P. Berrangé wrote: > The VNC password authentication scheme is quite horrendous in that it > takes the user password and directly uses it as a DES case. DES is a > byte 8 keyed cipher, so the VNC password can never be more than 8 > characters long. Anything over that length will be silently dropped. > > We should validate this length restriction when accepting user XML > configs and report an error. For the global VNC password we don't > really want to break daemon startup by reporting an error, but > logging a warning is worthwhile. > > https://bugzilla.redhat.com/show_bug.cgi?id=1506689 > Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> > --- > src/qemu/qemu_conf.c | 6 ++++++ > src/qemu/qemu_validate.c | 8 ++++++++ > 2 files changed, 14 insertions(+)
Reviewed-by: Pavel Hrdina <phrd...@redhat.com>
signature.asc
Description: PGP signature
