From 5f09e7c662a2a31b5d4f276c978da936d77f61ad Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 21 May 2020 12:10:52 +0200
Subject: [PATCH] Don't read invalid TLS auth reason

The specification only states a single result byte and not any reason
after a TLS authentication failure.
---
 common/rfb/CSecurityTLS.cxx | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 5c303a37..374ec7f3 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -157,15 +157,8 @@ bool CSecurityTLS::processMsg()
     if (!is->checkNoWait(1))
       return false;
 
-    if (is->readU8() == 0) {
-      rdr::U32 result = is->readU32();
-      CharArray reason;
-      if (result == secResultFailed || result == secResultTooMany)
-        reason.buf = is->readString();
-      else
-        reason.buf = strDup("protocol error");
-      throw AuthFailureException(reason.buf);
-    }
+    if (is->readU8() == 0)
+      throw AuthFailureException("Server failed to initialize TLS session");
 
     if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_init failed");
-- 
2.39.5