| Message ID | 1432205817-16414-11-git-send-email-berrange@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 05/21/2015 04:56 AM, Daniel P. Berrange wrote: > Switch the VNC server over to use the generic cipher API, this > allows it to use the pluggable DES implementations, instead of > being hardcoded to use QEMU's built-in impl. > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > ui/vnc.c | 52 +++++++++++++++++++++++++++++++++++++++++----------- > 1 file changed, 41 insertions(+), 11 deletions(-) > > @@ -2515,9 +2515,11 @@ static void make_challenge(VncState *vs) > static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) > { > unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; > - int i, j, pwlen; > + size_t i, pwlen; > unsigned char key[8]; > time_t now = time(NULL); > + QCryptoCipher *cipher; > + Error *err; Leaving this uninitialized... > > if (!vs->vd->password) { > VNC_DEBUG("No password configured on server"); > @@ -2534,9 +2536,29 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) > pwlen = strlen(vs->vd->password); > for (i=0; i<sizeof(key); i++) > key[i] = i<pwlen ? vs->vd->password[i] : 0; > - deskey(key, EN0); > - for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) > - des(response+j, response+j); > + > + cipher = qcrypto_cipher_new( > + QCRYPTO_CIPHER_ALG_DES_RFB, > + QCRYPTO_CIPHER_MODE_ECB, > + key, G_N_ELEMENTS(key), > + &err); means that gcrypto_cipher_new may assert if it tries to set an error but dereferences bogus memory. Local errors must always start life at NULL.
On Thu, May 21, 2015 at 06:51:03AM -0600, Eric Blake wrote: > On 05/21/2015 04:56 AM, Daniel P. Berrange wrote: > > Switch the VNC server over to use the generic cipher API, this > > allows it to use the pluggable DES implementations, instead of > > being hardcoded to use QEMU's built-in impl. > > > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > > --- > > ui/vnc.c | 52 +++++++++++++++++++++++++++++++++++++++++----------- > > 1 file changed, 41 insertions(+), 11 deletions(-) > > > > > @@ -2515,9 +2515,11 @@ static void make_challenge(VncState *vs) > > static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) > > { > > unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; > > - int i, j, pwlen; > > + size_t i, pwlen; > > unsigned char key[8]; > > time_t now = time(NULL); > > + QCryptoCipher *cipher; > > + Error *err; > > Leaving this uninitialized... > > > > > if (!vs->vd->password) { > > VNC_DEBUG("No password configured on server"); > > @@ -2534,9 +2536,29 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) > > pwlen = strlen(vs->vd->password); > > for (i=0; i<sizeof(key); i++) > > key[i] = i<pwlen ? vs->vd->password[i] : 0; > > - deskey(key, EN0); > > - for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) > > - des(response+j, response+j); > > + > > + cipher = qcrypto_cipher_new( > > + QCRYPTO_CIPHER_ALG_DES_RFB, > > + QCRYPTO_CIPHER_MODE_ECB, > > + key, G_N_ELEMENTS(key), > > + &err); > > means that gcrypto_cipher_new may assert if it tries to set an error but > dereferences bogus memory. Local errors must always start life at NULL. Opps, yes, missed that. Regards, Daniel
diff --git a/ui/vnc.c b/ui/vnc.c index 73a6d5f..b885c71 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -47,7 +47,7 @@ static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; #include "vnc_keysym.h" -#include "crypto/desrfb.h" +#include "crypto/cipher.h" static QTAILQ_HEAD(, VncDisplay) vnc_displays = QTAILQ_HEAD_INITIALIZER(vnc_displays); @@ -2515,9 +2515,11 @@ static void make_challenge(VncState *vs) static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) { unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; - int i, j, pwlen; + size_t i, pwlen; unsigned char key[8]; time_t now = time(NULL); + QCryptoCipher *cipher; + Error *err; if (!vs->vd->password) { VNC_DEBUG("No password configured on server"); @@ -2534,9 +2536,29 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) pwlen = strlen(vs->vd->password); for (i=0; i<sizeof(key); i++) key[i] = i<pwlen ? vs->vd->password[i] : 0; - deskey(key, EN0); - for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) - des(response+j, response+j); + + cipher = qcrypto_cipher_new( + QCRYPTO_CIPHER_ALG_DES_RFB, + QCRYPTO_CIPHER_MODE_ECB, + key, G_N_ELEMENTS(key), + &err); + if (!cipher) { + VNC_DEBUG("Cannot initialize cipher %s", + error_get_pretty(err)); + error_free(err); + goto reject; + } + + if (qcrypto_cipher_decrypt(cipher, + vs->challenge, + response, + VNC_AUTH_CHALLENGE_SIZE, + &err) < 0) { + VNC_DEBUG("Cannot encrypt challenge %s", + error_get_pretty(err)); + error_free(err); + goto reject; + } /* Compare expected vs actual challenge response */ if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { @@ -3483,12 +3505,20 @@ void vnc_display_open(const char *id, Error **errp) } password = qemu_opt_get_bool(opts, "password", false); - if (password && fips_get_state()) { - error_setg(errp, - "VNC password auth disabled due to FIPS mode, " - "consider using the VeNCrypt or SASL authentication " - "methods as an alternative"); - goto fail; + if (password) { + if (fips_get_state()) { + error_setg(errp, + "VNC password auth disabled due to FIPS mode, " + "consider using the VeNCrypt or SASL authentication " + "methods as an alternative"); + goto fail; + } + if (!qcrypto_cipher_supports( + QCRYPTO_CIPHER_ALG_DES_RFB)) { + error_setg(errp, + "Cipher backend does not support DES RFB algorithm"); + goto fail; + } } reverse = qemu_opt_get_bool(opts, "reverse", false);
Switch the VNC server over to use the generic cipher API, this allows it to use the pluggable DES implementations, instead of being hardcoded to use QEMU's built-in impl. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- ui/vnc.c | 52 +++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 41 insertions(+), 11 deletions(-)