On 2015/6/19 1:02, Daniel P. Berrange wrote:
> if (!vs->vd->password) {
> VNC_DEBUG("No password configured on server");
> @@ -2534,9 +2536,29 @@ static int protocol_client_auth_vnc(VncState *vs,
> uint8_t *data, size_t len)
> pwlen = strlen(vs->vd->password);
> for (i=0; i<sizeof(key); i++)
> key[i] = i<pwlen ? vs->vd->password[i] : 0;
> - deskey(key, EN0);
> - for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
> - des(response+j, response+j);
> +
> + cipher = qcrypto_cipher_new(
> + QCRYPTO_CIPHER_ALG_DES_RFB,
> + QCRYPTO_CIPHER_MODE_ECB,
> + key, G_N_ELEMENTS(key),
> + &err);
> + if (!cipher) {
> + VNC_DEBUG("Cannot initialize cipher %s",
> + error_get_pretty(err));
> + error_free(err);
> + goto reject;
> + }
> +
> + if (qcrypto_cipher_decrypt(cipher,
> + vs->challenge,
> + response,
> + VNC_AUTH_CHALLENGE_SIZE,
> + &err) < 0) {
> + VNC_DEBUG("Cannot encrypt challenge %s",
> + error_get_pretty(err));
> + error_free(err);
> + goto reject;
> + }
Do we need change above VNC_DEBUGs to error_report() or something like that?
Anyway, it doesn't influence my R-b:
Reviewed-by: Gonglei <arei.gong...@huawei.com>
