WARNING - OLD ARCHIVES

Anthony Liguori <aliguori@xxxxxxxxxx> · 2006年10月03日 12:56:31 -0500

Masami Watanabe wrote:

+static int vnc_auth(VncState *vs)
+{
+ extern char vncpasswd[64];
+ extern unsigned char challenge[AUTHCHALLENGESIZE];
+
+ if (*vncpasswd == '0円') {
+ /* AuthType is None */
+ vnc_write_u32(vs, 1);
+ vnc_flush(vs);
+ vnc_read_when(vs, protocol_client_init, 1);
+ } else {
+ /* AuthType is VncAuth */
+ vnc_write_u32(vs, 2);
+ vnc_flush(vs);
+
+ /* Read AuthType */
+ vnc_read_when(vs, protocol_authtype, 1);

As I mentioned before, you cannot have to vnc_read_when()'s execution 

path without returning the the mainloop.

protocol_authtype() cannot possibly be invoked. If the code is working 

now, it's pure luck.

There was just a very high profile RealVNC vulnerability that was due to 

improper authtype handling. It's very important we do this right so we 

don't duplicate this bug.

Regards,
Anthony Liguori

+ /* Send Challenge */
+ make_challenge(challenge, AUTHCHALLENGESIZE);
+ vnc_write(vs, challenge, AUTHCHALLENGESIZE);
+ vnc_flush(vs);
+
+ /* Read Responce */
+ vnc_read_when(vs, protocol_response, AUTHCHALLENGESIZE);
+ }
+
+ return 0;
+}

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

To:	Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
Subject:	Re: [Xen-devel] [PATCH][Take 3] VNC authentification
From:	Anthony Liguori <aliguori@xxxxxxxxxx>
Date:	2006年10月03日 12:56:31 -0500
Cc:	Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Delivery-date:	2006年10月03日 10:57:11 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<JZ200610040108511.216281@xxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<3AAA99889D105740BE010EB6D5A5A3B202A3D2@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JX200609291747343.1765484@xxxxxxxxxxxxxx> <20060929221145.GE8564@xxxxxxxxxx> <JH200610010353334.2150046@xxxxxxxxxxxxxx> <20061002162232.GB1730@xxxxxxxxxx> <45214B54.8060805@xxxxxxxxxx> <20061002181231.GC1730@xxxxxxxxxx> <3AAA99889D105740BE010EB6D5A5A3B202A4F0@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JZ200610040108511.216281@xxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Thunderbird 1.5.0.7 (X11/20060918)

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] Re: [PATCH][Take 2] VNC authentification , Daniel P. Berrange [Xen-devel] Re: [PATCH][Take 2] VNC authentification , Anthony Liguori [Xen-devel] Re: [PATCH][Take 2] VNC authentification , Daniel P. Berrange [Xen-devel] RE: [PATCH][Take 2] VNC authentification , Ian Pratt [Xen-devel] RE: [PATCH][Take 2] VNC authentification , Masami Watanabe [Xen-devel] [PATCH][Take 3] VNC authentification , Masami Watanabe Re: [Xen-devel] [PATCH][Take 3] VNC authentification, Anthony Liguori <= Re: [Xen-devel] [PATCH][Take 3] VNC authentification , Daniel P. Berrange Re: [Xen-devel] [PATCH][Take 3] VNC authentification , Anthony Liguori

Previous by Date:	[Xen-devel] USB split driver , Harry Butterworth
Next by Date:	Re: [Xen-devel] [PATCH][Take 3] VNC authentification , Daniel P. Berrange
Previous by Thread:	[Xen-devel] [PATCH][Take 3] VNC authentification , Masami Watanabe
Next by Thread:	Re: [Xen-devel] [PATCH][Take 3] VNC authentification , Daniel P. Berrange
Indexes:	[Date] [Thread] [Top] [All Lists]

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] [PATCH][Take 3] VNC authentification