From dd9cca35bce5bea871f96264cfe9f629566f0b12 Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Tue, 28 Jun 2016 14:39:58 +0200 Subject: [PATCH] qemu: Let empty default VNC password work as documented CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark (cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3) (cherry picked from commit d933f68ee660566b52cd90330aee0d5f414636a4) --- src/qemu/qemu_hotplug.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index cdf9eacd94..80c7365b42 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3455,6 +3455,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, time_t now = time(NULL); char expire_time [64]; const char *connected = NULL; + const char *password; int ret = -1; virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); @@ -3462,15 +3463,13 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, ret = 0; goto cleanup; } + password = auth->passwd ? auth->passwd : defaultPasswd; if (auth->connected) connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected); qemuDomainObjEnterMonitor(driver, vm); - ret = qemuMonitorSetPassword(priv->mon, - type, - auth->passwd ? auth->passwd : defaultPasswd, - connected); + ret = qemuMonitorSetPassword(priv->mon, type, password, connected); if (ret == -2) { if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) { @@ -3478,14 +3477,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, _("Graphics password only supported for VNC")); ret = -1; } else { - ret = qemuMonitorSetVNCPassword(priv->mon, - auth->passwd ? auth->passwd : defaultPasswd); + ret = qemuMonitorSetVNCPassword(priv->mon, password); } } if (ret != 0) goto end_job; - if (auth->expires) { + if (password[0] == '\0') { + snprintf(expire_time, sizeof(expire_time), "now"); + } else if (auth->expires) { time_t lifetime = auth->validTo - now; if (lifetime <= 0) snprintf(expire_time, sizeof(expire_time), "now");