From b869aab71102c41247a3fede506e88700bb95e55 Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Tue, 28 Jun 2016 14:39:58 +0200 Subject: [PATCH] qemu: Let empty default VNC password work as documented CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark (cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3) --- src/qemu/qemu_hotplug.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 170768b3bf..c0c0ae32c8 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -4013,6 +4013,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, time_t now = time(NULL); char expire_time [64]; const char *connected = NULL; + const char *password; int ret = -1; virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); @@ -4020,16 +4021,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, ret = 0; goto cleanup; } + password = auth->passwd ? auth->passwd : defaultPasswd; if (auth->connected) connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected); if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) goto cleanup; - ret = qemuMonitorSetPassword(priv->mon, - type, - auth->passwd ? auth->passwd : defaultPasswd, - connected); + ret = qemuMonitorSetPassword(priv->mon, type, password, connected); if (ret == -2) { if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) { @@ -4037,14 +4036,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, _("Graphics password only supported for VNC")); ret = -1; } else { - ret = qemuMonitorSetVNCPassword(priv->mon, - auth->passwd ? auth->passwd : defaultPasswd); + ret = qemuMonitorSetVNCPassword(priv->mon, password); } } if (ret != 0) goto end_job; - if (auth->expires) { + if (password[0] == '\0') { + snprintf(expire_time, sizeof(expire_time), "now"); + } else if (auth->expires) { time_t lifetime = auth->validTo - now; if (lifetime <= 0) snprintf(expire_time, sizeof(expire_time), "now");