svn commit: r319487 - head/usr.sbin/bhyve
Conrad Meyer
cse.cem at gmail.com
Sat Jun 10 16:55:12 UTC 2017
Forgot to mention — this one was CID 1375949.
Additionally additionally,
On Thu, Jun 1, 2017 at 7:35 PM, Marcelo Araujo <araujo at freebsd.org> wrote:
> Author: araujo
> Date: Fri Jun 2 02:35:16 2017
> New Revision: 319487
> URL: https://svnweb.freebsd.org/changeset/base/319487
>
> Log:
> Add VNC Authentication support based on RFC6143 section 7.2.2.
>
> ...
>
> Modified: head/usr.sbin/bhyve/rfb.c
> ==============================================================================
> --- head/usr.sbin/bhyve/rfb.c Fri Jun 2 01:00:40 2017 (r319486)
> +++ head/usr.sbin/bhyve/rfb.c Fri Jun 2 02:35:16 2017 (r319487)
> ...
> @@ -739,8 +754,19 @@ rfb_handle(struct rfb_softc *rc, int cfd)
> {
> const char *vbuf = "RFB 003.008\n";
> unsigned char buf[80];
> + unsigned char *message;
> +
> +#ifndef NO_OPENSSL
> + unsigned char challenge[AUTH_LENGTH];
> + unsigned char keystr[PASSWD_LENGTH];
> + unsigned char crypt_expected[AUTH_LENGTH];
> +
> + DES_key_schedule ks;
> + int i;
> +#endif
> +
> pthread_t tid;
This is uninitialized.
> - uint32_t sres;
> + uint32_t sres;
> int len;
>
> rc->cfd = cfd;
> @@ -751,19 +777,91 @@ rfb_handle(struct rfb_softc *rc, int cfd)
> ...
> + /* 2c. Do VNC authentication */
> + switch (buf[0]) {
> + case SECURITY_TYPE_NONE:
> + sres = 0;
> + break;
> + case SECURITY_TYPE_VNC_AUTH:
...
>
> +
> + if (memcmp(crypt_expected, buf, AUTH_LENGTH) != 0) {
> + message = "Auth Failed: Invalid Password.";
> + sres = htonl(1);
> + } else
> + sres = 0;
> +#else
> + sres = 0;
> + WPRINTF(("Auth not supported, no OpenSSL in your system"));
> +#endif
> +
> + break;
> + }
> +
> + /* 2d. Write back a status */
> stream_write(cfd, &sres, 4);
>
> + if (sres) {
> + *((uint32_t *) buf) = htonl(strlen(message));
> + stream_write(cfd, buf, 4);
> + stream_write(cfd, message, strlen(message));
> + goto done;
> + }
When authentication fails, 'done:' label will pthread_join(tid), which
is also uninitialized at this point. This is CID 1375950.
Best,
Conrad
More information about the svn-src-head
mailing list