authorAdam Tkac <atkac@redhat.com>2011-05-10 08:54:57 +0000
committerAdam Tkac <atkac@redhat.com>2011-05-10 08:54:57 +0000
commitce6c8b097f0d5b161039dc8c8208aff078d433ff (patch)
treea142334ddc0fbefd5c159c296732a632475ffcf4 /common/rfb
parent0aefdc87795e47f80bc71b438da55f5067a7d303 (diff)
downloadtigervnc-ce6c8b097f0d5b161039dc8c8208aff078d433ff.tar.gz
tigervnc-ce6c8b097f0d5b161039dc8c8208aff078d433ff.zip
[Security] vncviewer can send password without proper validation of X.509 certs
(CVE-2011-1775). Reference: http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01342.html git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4401 3789f03b-4d11-0410-bbf8-ca57d06f2519
Diffstat (limited to 'common/rfb')
-rw-r--r--common/rfb/CSecurityTLS.cxx11
1 files changed, 9 insertions, 2 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 6028792b..3421de5e 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -171,8 +171,15 @@ bool CSecurityTLS::processMsg(CConnection* cc)
if (!is->checkNoWait(1))
return false;
- if (is->readU8() == 0)
- return true;
+ if (is->readU8() == 0) {
+ rdr::U32 result = is->readU32();
+ CharArray reason;
+ if (result == secResultFailed || result == secResultTooMany)
+ reason.buf = is->readString();
+ else
+ reason.buf = strDup("Authentication failure (protocol error)");
+ throw AuthFailureException(reason.buf);
+ }
if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_init failed");