Commit adc5ec856c557f75adc60b310e5b1d38210a289c
1 parent
8a34a0fb
Fix bug in TLS authentication ("Daniel P. Berrange")
This patch was previously posted here: http://lists.gnu.org/archive/html/qemu-devel/2009-02/msg00820.html In the case where the TLS handshake does *not* block on I/O, QEMU sends the next 'start sub-auth' message twice. This seriously confuses the VNC client :-) Fortunately the chances of the handshake not blocking are close to zero for a TCP socket, which is why it has not been noticed thus far. Even with both client & server on localhost, I can only hit the bug 1 time in 20. NB, the diff context here is not too informative. If you look at the full code you'll see that a few lines early we called vnc_start_tls() which called vnc_continue_handshake() which called the method start_auth_vencrypt_subauth(). Hence, fixing the bug, just involves removing the 2nd bogus call to start_auth_vencrypt_subauth() as per this patch. vnc.c | 8 -------- 1 file changed, 8 deletions(-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6719 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
1 changed file
with
0 additions
and
8 deletions
vnc.c
@@ -2098,14 +2098,6 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len | @@ -2098,14 +2098,6 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len | ||
2098 | VNC_DEBUG("Failed to complete TLS\n"); | 2098 | VNC_DEBUG("Failed to complete TLS\n"); |
2099 | return 0; | 2099 | return 0; |
2100 | } | 2100 | } |
2101 | - | ||
2102 | - if (vs->wiremode == VNC_WIREMODE_TLS) { | ||
2103 | - VNC_DEBUG("Starting VeNCrypt subauth\n"); | ||
2104 | - return start_auth_vencrypt_subauth(vs); | ||
2105 | - } else { | ||
2106 | - VNC_DEBUG("TLS handshake blocked\n"); | ||
2107 | - return 0; | ||
2108 | - } | ||
2109 | } | 2101 | } |
2110 | return 0; | 2102 | return 0; |
2111 | } | 2103 | } |