On Tue, May 26, 2015 at 04:14:02PM +0200, Christophe Fergeau wrote: > Hey, > > I think you should report an error somehow in > spice_channel_send_spice_ticket() if SpiceSession::password is too > long. Hmm looking at this some more, things seem messy :( The on-wire encrypted password seems to have a max length (see reds_get_spice_ticket() in server/reds.c). spice_channel_send_spice_ticket() in spice-gtk also has a comment saying /* The use of RSA encryption limit the potential maximum password length. For RSA_PKCS1_OAEP_PADDING it is RSA_size(rsa) - 41. */ so some 'password too long' check would be nice to have before sending too much data on the wire on the spice-gtk side. Christophe
Attachment:
pgplsDa7rw8LA.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel