Date:      Sat, 10 Jun 2017 09:55:10 -0700
From:      Conrad Meyer <cse.cem@gmail.com>
To:        Marcelo Araujo <araujo@freebsd.org>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r319487 - head/usr.sbin/bhyve
Message-ID:  <CAG6CVpUY-mHi=vcdVsj00Okus-OPuyGwDdMT-So0A059nObLAQ@mail.gmail.com>
In-Reply-To: <CAG6CVpUohZppgV+KXNHsvhFkXvw3rtd20iGSi3P=vDAG+s6vjw@mail.gmail.com>
References:  <201706020235.v522ZGeC076100@repo.freebsd.org> <CAG6CVpUohZppgV+KXNHsvhFkXvw3rtd20iGSi3P=vDAG+s6vjw@mail.gmail.com>

Forgot to mention — this one was CID 1375949.

Additionally additionally,

On Thu, Jun 1, 2017 at 7:35 PM, Marcelo Araujo <araujo@freebsd.org> wrote:
> Author: araujo
> Date: Fri Jun  2 02:35:16 2017
> New Revision: 319487
> URL: https://svnweb.freebsd.org/changeset/base/319487
>
> Log:
>   Add VNC Authentication support based on RFC6143 section 7.2.2.
>
> ...
>
> Modified: head/usr.sbin/bhyve/rfb.c
> ===================================================================
> --- head/usr.sbin/bhyve/rfb.c   Fri Jun  2 01:00:40 2017        (r319486)
> +++ head/usr.sbin/bhyve/rfb.c   Fri Jun  2 02:35:16 2017        (r319487)
> ...
> @@ -739,8 +754,19 @@ rfb_handle(struct rfb_softc *rc, int cfd)
>  {
>         const char *vbuf =3D "RFB 003.008\n";
>         unsigned char buf[80];
> +       unsigned char *message;
> +
> +#ifndef NO_OPENSSL
> +       unsigned char challenge[AUTH_LENGTH];
> +       unsigned char keystr[PASSWD_LENGTH];
> +       unsigned char crypt_expected[AUTH_LENGTH];
> +
> +       DES_key_schedule ks;
> +       int i;
> +#endif
> +
>         pthread_t tid;

This is uninitialized.

> -        uint32_t sres;
> +       uint32_t sres;
>         int len;
>
>         rc->cfd =3D cfd;
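Review bot: `unsigned char *message;` is declared without an initializer and with a type that does not match its later use; the second hunk assigns the string literal `"Auth Failed: Invalid Password."` to it and calls `strlen(message)`, both of which need a `char *`. Declaring it `const char *message = NULL;` fixes the type and makes any path that reaches the `if (sres)` block without setting it fail on a null pointer rather than on stack garbage. The same caution applies to `pthread_t tid;`: as the reply below points out, it is joined at `done:` on the authentication-failure path before any thread has been created, so the failure path should either skip the join or the handle should be tracked explicitly. The `-        uint32_t sres;` / `+       uint32_t sres;` pair is a whitespace-only change that would be cleaner as a separate commit.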
> @@ -751,19 +777,91 @@ rfb_handle(struct rfb_softc *rc, int cfd)
> ...
> +       /* 2c. Do VNC authentication */
> +       switch (buf[0]) {
> +       case SECURITY_TYPE_NONE:
> +               sres =3D 0;
> +               break;
> +       case SECURITY_TYPE_VNC_AUTH:
> ...
>
> +
> +               if (memcmp(crypt_expected, buf, AUTH_LENGTH) !=3D 0) {
> +                       message =3D "Auth Failed: Invalid Password.";
> +                       sres =3D htonl(1);
> +               } else
> +                       sres =3D 0;
> +#else
> +               sres =3D 0;
> +               WPRINTF(("Auth not supported, no OpenSSL in your system")=
);
> +#endif
> +
> +               break;
> +       }
> +
> +       /* 2d. Write back a status */
>         stream_write(cfd, &sres, 4);
>
> +       if (sres) {
> +               *((uint32_t *) buf) =3D htonl(strlen(message));
> +               stream_write(cfd, buf, 4);
> +                stream_write(cfd, message, strlen(message));
> +               goto done;
> +       }
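Review bot: the `#else` branch (`sres = 0;` followed only by `WPRINTF(("Auth not supported, no OpenSSL in your system"))`) answers a client that selected `SECURITY_TYPE_VNC_AUTH` with success when bhyve is built without OpenSSL, so a build-time configuration choice silently turns into an authentication bypass; set `message` and `sres = htonl(1)` there, as the invalid-password path does, so the connection fails closed. Also, `memcmp(crypt_expected, buf, AUTH_LENGTH)` compares the client's authentication response with an early-exit comparison; FreeBSD's `timingsafe_bcmp(3)` gives a constant-time check with no other change to the logic. Finally, `*((uint32_t *) buf) = htonl(strlen(message));` writes through an `unsigned char` array with a `uint32_t` cast; a local `uint32_t mlen` passed to `stream_write(cfd, &mlen, 4)` avoids the alignment and aliasing question entirely.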

When authentication fails, 'done:' label will pthread_join(tid), which
is also uninitialized at this point.  This is CID 1375950.

Best,
Conrad
