On Thu, May 21, 2015 at 06:51:03AM -0600, Eric Blake wrote: > On 05/21/2015 04:56 AM, Daniel P. Berrange wrote: > > Switch the VNC server over to use the generic cipher API, this > > allows it to use the pluggable DES implementations, instead of > > being hardcoded to use QEMU's built-in impl. > > > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > > --- > > ui/vnc.c | 52 +++++++++++++++++++++++++++++++++++++++++----------- > > 1 file changed, 41 insertions(+), 11 deletions(-) > > > > > @@ -2515,9 +2515,11 @@ static void make_challenge(VncState *vs) > > static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t > > len) > > { > > unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; > > - int i, j, pwlen; > > + size_t i, pwlen; > > unsigned char key[8]; > > time_t now = time(NULL); > > + QCryptoCipher *cipher; > > + Error *err; > > Leaving this uninitialized... > > > > > if (!vs->vd->password) { > > VNC_DEBUG("No password configured on server"); > > @@ -2534,9 +2536,29 @@ static int protocol_client_auth_vnc(VncState *vs, > > uint8_t *data, size_t len) > > pwlen = strlen(vs->vd->password); > > for (i=0; i<sizeof(key); i++) > > key[i] = i<pwlen ? vs->vd->password[i] : 0; > > - deskey(key, EN0); > > - for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) > > - des(response+j, response+j); > > + > > + cipher = qcrypto_cipher_new( > > + QCRYPTO_CIPHER_ALG_DES_RFB, > > + QCRYPTO_CIPHER_MODE_ECB, > > + key, G_N_ELEMENTS(key), > > + &err); > > means that gcrypto_cipher_new may assert if it tries to set an error but > dereferences bogus memory. Local errors must always start life at NULL.
Opps, yes, missed that. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|