qemu: Let empty default VNC password work as documented

CVE-2016-5008

Setting an empty graphics password is documented as a way to disable
VNC/SPICE access, but QEMU does not always behaves like that. VNC would
happily accept the empty password. Let's enforce the behavior by setting
password expiration to "now".

https://bugzilla.redhat.com/show_bug.cgi?id=1180092

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit bb848feec0)
(cherry picked from commit d933f68ee6)
This commit is contained in:
Jiri Denemark 2016-06-28 14:39:58 +02:00 committed by Daniel P. Berrange
parent 2b435c153e
commit 7ea825672e

View File

@ -2598,19 +2598,19 @@ qemuDomainChangeGraphicsPasswords(struct qemud_driver *driver,
time_t now = time(NULL); time_t now = time(NULL);
char expire_time [64]; char expire_time [64];
const char *connected = NULL; const char *connected = NULL;
const char *password;
int ret; int ret;
if (!auth->passwd && !driver->vncPassword) if (!auth->passwd && !driver->vncPassword)
return 0; return 0;
password = auth->passwd ? auth->passwd : defaultPasswd;
if (auth->connected) if (auth->connected)
connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected); connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
qemuDomainObjEnterMonitorWithDriver(driver, vm); qemuDomainObjEnterMonitorWithDriver(driver, vm);
ret = qemuMonitorSetPassword(priv->mon, ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
type,
auth->passwd ? auth->passwd : defaultPasswd,
connected);
if (ret == -2) { if (ret == -2) {
if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) { if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
@ -2618,14 +2618,15 @@ qemuDomainChangeGraphicsPasswords(struct qemud_driver *driver,
_("Graphics password only supported for VNC")); _("Graphics password only supported for VNC"));
ret = -1; ret = -1;
} else { } else {
ret = qemuMonitorSetVNCPassword(priv->mon, ret = qemuMonitorSetVNCPassword(priv->mon, password);
auth->passwd ? auth->passwd : defaultPasswd);
} }
} }
if (ret != 0) if (ret != 0)
goto cleanup; goto cleanup;
if (auth->expires) { if (password[0] == '\0') {
snprintf(expire_time, sizeof(expire_time), "now");
} else if (auth->expires) {
time_t lifetime = auth->validTo - now; time_t lifetime = auth->validTo - now;
if (lifetime <= 0) if (lifetime <= 0)
snprintf(expire_time, sizeof(expire_time), "now"); snprintf(expire_time, sizeof(expire_time), "now");