WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH][Take 3] VNC authentification

from [Anthony Liguori] [Permanent Link][Original]
To: Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH][Take 3] VNC authentification
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Tue, 03 Oct 2006 12:56:31 -0500
Cc: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Delivery-date: Tue, 03 Oct 2006 10:57:11 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <JZ200610040108511.216281@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <3AAA99889D105740BE010EB6D5A5A3B202A3D2@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JX200609291747343.1765484@xxxxxxxxxxxxxx> <20060929221145.GE8564@xxxxxxxxxx> <JH200610010353334.2150046@xxxxxxxxxxxxxx> <20061002162232.GB1730@xxxxxxxxxx> <45214B54.8060805@xxxxxxxxxx> <20061002181231.GC1730@xxxxxxxxxx> <3AAA99889D105740BE010EB6D5A5A3B202A4F0@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JZ200610040108511.216281@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.7 (X11/20060918) 
Masami Watanabe wrote:

+static int vnc_auth(VncState *vs)
+{
+    extern char vncpasswd[64];
+    extern unsigned char challenge[AUTHCHALLENGESIZE];
+
+    if (*vncpasswd == '\0') {
+       /* AuthType is None */
+       vnc_write_u32(vs, 1);
+       vnc_flush(vs);
+       vnc_read_when(vs, protocol_client_init, 1);
+    } else {
+       /* AuthType is VncAuth */
+       vnc_write_u32(vs, 2);
+       vnc_flush(vs);
+
+       /* Read AuthType */
+       vnc_read_when(vs, protocol_authtype, 1);
As I mentioned before, you cannot have to vnc_read_when()'s execution path without returning the the mainloop.
protocol_authtype() cannot possibly be invoked. If the code is working now, it's pure luck.
There was just a very high profile RealVNC vulnerability that was due to improper authtype handling. It's very important we do this right so we don't duplicate this bug. 

Regards,

Anthony Liguori


+       /* Send Challenge */
+       make_challenge(challenge, AUTHCHALLENGESIZE);
+       vnc_write(vs, challenge, AUTHCHALLENGESIZE);
+       vnc_flush(vs);
+
+       /* Read Responce */
+       vnc_read_when(vs, protocol_response, AUTHCHALLENGESIZE);
+    }
+
+    return 0;
+}




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] USB split driver, Harry Butterworth
Next by Date:  Re: [Xen-devel] [PATCH][Take 3] VNC authentification, Daniel P. Berrange
Previous by Thread:  [Xen-devel] [PATCH][Take 3] VNC authentification, Masami Watanabe
Next by Thread:  Re: [Xen-devel] [PATCH][Take 3] VNC authentification, Daniel P. Berrange
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy