| commit | 9883355cd27949061b396a42bb724853b75ce7f9 | |
| author | aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162> | |
| Fri, 6 Mar 2009 20:27:02 +0000 (6 20:27 +0000) | ||
| committer | Mark McLoughlin <markmc@redhat.com> | |
| Fri, 11 Sep 2009 10:37:31 +0000 (11 11:37 +0100) | ||
| tree | 8395c52a123c0a2404c8cc38df572712d3dc24d2 | treesnapshot (tar.gz zip) |
| parent | 977b3b69b2e06f0aab0c48ff08a236bff8763f2e | commitdiff |
Fix bug in TLS authentication ("Daniel P. Berrange")
This patch was previously posted here:
http://lists.gnu.org/archive/html/qemu-devel/2009-02/msg00820.html
In the case where the TLS handshake does *not* block on I/O, QEMU
sends the next 'start sub-auth' message twice. This seriously confuses
the VNC client :-) Fortunately the chances of the handshake not blocking
are close to zero for a TCP socket, which is why it has not been noticed
thus far. Even with both client & server on localhost, I can only hit the
bug 1 time in 20.
NB, the diff context here is not too informative. If you look at the
full code you'll see that a few lines early we called vnc_start_tls()
which called vnc_continue_handshake() which called the method
start_auth_vencrypt_subauth(). Hence, fixing the bug, just involves
removing the 2nd bogus call to start_auth_vencrypt_subauth() as per
this patch.
(cherry picked from commit adc5ec856c557f75adc60b310e5b1d38210a289c)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Fedora-patch: 01-tls-handshake-fix.patch
This patch was previously posted here:
http://lists.gnu.org/archive/html/qemu-devel/2009-02/msg00820.html
In the case where the TLS handshake does *not* block on I/O, QEMU
sends the next 'start sub-auth' message twice. This seriously confuses
the VNC client :-) Fortunately the chances of the handshake not blocking
are close to zero for a TCP socket, which is why it has not been noticed
thus far. Even with both client & server on localhost, I can only hit the
bug 1 time in 20.
NB, the diff context here is not too informative. If you look at the
full code you'll see that a few lines early we called vnc_start_tls()
which called vnc_continue_handshake() which called the method
start_auth_vencrypt_subauth(). Hence, fixing the bug, just involves
removing the 2nd bogus call to start_auth_vencrypt_subauth() as per
this patch.
(cherry picked from commit adc5ec856c557f75adc60b310e5b1d38210a289c)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Fedora-patch: 01-tls-handshake-fix.patch
| vnc.c | diffblobblamehistory |