External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Let empty default VNC password work as documented

Browse Source 
CVE-2016-5008

Setting an empty graphics password is documented as a way to disable
VNC/SPICE access, but QEMU does not always behaves like that. VNC would
happily accept the empty password. Let's enforce the behavior by setting
password expiration to "now".

https://bugzilla.redhat.com/show_bug.cgi?id=1180092

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit bb848feec0)
(cherry picked from commit d933f68ee6)
This commit is contained in:
Jiri Denemark 2016-06-28 14:39:58 +02:00 committed by Daniel P. Berrange
parent 34ca568497
commit 36386a9356
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/qemu/qemu_hotplug.c
View File

@ -2657,19 +2657,19 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
time_t now = time(NULL);
char expire_time [64];
const char *connected = NULL;
const char *password;
int ret;
if (!auth->passwd && !driver->vncPassword)
return 0;
password = auth->passwd ? auth->passwd : defaultPasswd;
if (auth->connected)
connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
qemuDomainObjEnterMonitorWithDriver(driver, vm);
ret = qemuMonitorSetPassword(priv->mon,
type,
auth->passwd ? auth->passwd : defaultPasswd,
connected);
ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
if (ret == -2) {
if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
@ -2677,14 +2677,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
_("Graphics password only supported for VNC"));
ret = -1;
} else {
ret = qemuMonitorSetVNCPassword(priv->mon,
auth->passwd ? auth->passwd : defaultPasswd);
ret = qemuMonitorSetVNCPassword(priv->mon, password);
}
}
if (ret != 0)
goto cleanup;
if (auth->expires) {
if (password[0] == '\0') {
snprintf(expire_time, sizeof(expire_time), "now");
} else if (auth->expires) {
time_t lifetime = auth->validTo - now;
if (lifetime <= 0)
snprintf(expire_time, sizeof(expire_time), "now");