Re: [libvirt PATCH] qemu: validate VNC password length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 16, 2021 at 10:48:53AM +0000, Daniel P. Berrangé wrote:
> The VNC password authentication scheme is quite horrendous in that it
> takes the user password and directly uses it as a DES case. DES is a
> byte 8 keyed cipher, so the VNC password can never be more than 8
> characters long. Anything over that length will be silently dropped.
> 
> We should validate this length restriction when accepting user XML
> configs and report an error. For the global VNC password we don't
> really want to break daemon startup by reporting an error, but
> logging a warning is worthwhile.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1506689
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> ---
>  src/qemu/qemu_conf.c     | 6 ++++++
>  src/qemu/qemu_validate.c | 8 ++++++++
>  2 files changed, 14 insertions(+)

Reviewed-by: Pavel Hrdina <phrdina@xxxxxxxxxx>

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux