From ce6c8b097f0d5b161039dc8c8208aff078d433ff Mon Sep 17 00:00:00 2001
From: Adam Tkac
Date: Tue, 10 May 2011 08:54:57 +0000
Subject: [Security] vncviewer can send password without proper validation of X.509 certs (CVE-2011-1775).

Reference: http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01342.html

git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4401 3789f03b-4d11-0410-bbf8-ca57d06f2519
---
 common/rfb/CSecurityTLS.cxx | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'common/rfb')

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 6028792b..3421de5e 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -171,8 +171,15 @@ bool CSecurityTLS::processMsg(CConnection* cc)
   if (!is->checkNoWait(1))
     return false;
 
-  if (is->readU8() == 0)
-    return true;
+  if (is->readU8() == 0) {
+    rdr::U32 result = is->readU32();
+    CharArray reason;
+    if (result == secResultFailed || result == secResultTooMany)
+      reason.buf = is->readString();
+    else
+      reason.buf = strDup("Authentication failure (protocol error)");
+    throw AuthFailureException(reason.buf);
+  }
 
   if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
     throw AuthFailureException("gnutls_init failed");
-- 
cgit v1.2.3
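Review bot: The reason text read at `reason.buf = is->readString();` comes from a server the client has not yet authenticated or established TLS with, so both its length and its content are attacker-controlled; if readString() does not already bound the length prefix it reads, a hostile server can force an arbitrarily large allocation before any handshake, so that cap should be confirmed and the line annotated, e.g. `reason.buf = is->readString(); // server-controlled, pre-TLS: length must be bounded by readString()`. The same string is forwarded verbatim into AuthFailureException and presumably shown to the user, so control characters in it should be filtered before display. The branch also relies on AuthFailureException copying its argument, since `reason` is destroyed during unwinding; that is fine if the exception base copies into its own buffer, but a one-line comment stating that assumption would help the next reader. processMsg begins before and continues past this hunk.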