From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 21 May 2020 10:10:52 +0000 (+0200)
Subject: Don't read invalid TLS auth reason
X-Git-Tag: v1.11.90~74^2~3
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=5f09e7c662a2a31b5d4f276c978da936d77f61ad;p=tigervnc.git

Don't read invalid TLS auth reason

The specification only states a single result byte and not any reason
after a TLS authentication failure.
---

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 5c303a37..374ec7f3 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -157,15 +157,8 @@ bool CSecurityTLS::processMsg()
     if (!is->checkNoWait(1))
       return false;
 
-    if (is->readU8() == 0) {
-      rdr::U32 result = is->readU32();
-      CharArray reason;
-      if (result == secResultFailed || result == secResultTooMany)
-        reason.buf = is->readString();
-      else
-        reason.buf = strDup("protocol error");
-      throw AuthFailureException(reason.buf);
-    }
+    if (is->readU8() == 0)
+      throw AuthFailureException("Server failed to initialize TLS session");
 
     if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_init failed");