import gtk-vnc-0.9.0-2.el8
parent
8de792c212
commit
eaddb23766
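--- a/SOURCES/0003-sasl-Factor-common-code-auth-failure.patch
+++ b/SOURCES/0003-sasl-Factor-common-code-auth-failure.patch
@@ -0,0 +1,63 @@
+From 9fc84302bb18ffb552f2405df7820df9c4bfa2ec Mon Sep 17 00:00:00 2001
+From: Christophe Fergeau <cfergeau@redhat.com>
+Date: Wed, 9 Jan 2019 14:01:22 +0100
+Subject: [PATCH] sasl: Factor common code auth failure
+
+The new vnc_connection_auth_failure() method will be reused in the
+next commit.
+
+Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
+(cherry picked from commit 83cac0cbe8b8006c50d177650459aaa47f1fd129)
+Resolves: rhbz#1688275
+---
+src/vncconnection.c | 17 +++++++++++------
+1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/vncconnection.c b/src/vncconnection.c
+index afc1418..58455df 100644
+--- a/src/vncconnection.c
++++ b/src/vncconnection.c
+@@ -124,6 +124,7 @@ static void vnc_connection_close(VncConnection *conn);
+static void vnc_connection_set_error(VncConnection *conn,
+const char *format,
+...) G_GNUC_PRINTF(2, 3);
++static void vnc_connection_auth_failure(VncConnection *conn, const char *reason);
+
+/*
+* A special GSource impl which allows us to wait on a certain
+@@ -660,6 +661,14 @@ static G_GNUC_PRINTF(2, 3) void vnc_connection_set_error(VncConnection *conn,
+vnc_connection_emit_main_context(conn, VNC_ERROR, &s);
+}
+
++static void vnc_connection_auth_failure(VncConnection *conn,
++ const char *reason)
++{
++ struct signal_data sigdata;
++
++ sigdata.params.authReason = reason;
++ vnc_connection_emit_main_context(conn, VNC_AUTH_FAILURE, &sigdata);
++}
+
+static gboolean vnc_connection_use_compression(VncConnection *conn)
+{
+@@ -3571,18 +3580,14 @@ static gboolean vnc_connection_check_auth_result(VncConnection *conn)
+reason[len] = '\0';
+VNC_DEBUG("Fail %s", reason);
+if (!priv->coroutine_stop) {
+- struct signal_data sigdata;
+- sigdata.params.authReason = reason;
+vnc_connection_set_error(conn, "%s", reason);
+- vnc_connection_emit_main_context(conn, VNC_AUTH_FAILURE, &sigdata);
++ vnc_connection_auth_failure(conn, reason);
+}
+} else {
+VNC_DEBUG("Fail auth no result");
+if (!priv->coroutine_stop) {
+- struct signal_data sigdata;
+- sigdata.params.authReason = "Unknown authentication failure";
+vnc_connection_set_error(conn, "%s", "Unknown authentication failure");
+- vnc_connection_emit_main_context(conn, VNC_AUTH_FAILURE, &sigdata);
++ vnc_connection_auth_failure(conn, "Unknown authentication failure");
+}
+}
+return FALSE;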
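Review bot: The new vnc_connection_auth_failure() helper has no comment on the lifetime and trust level of `reason`: it stores the caller's pointer in a stack `struct signal_data` and passes that to vnc_connection_emit_main_context(), and in vnc_connection_check_auth_result() the string is a local buffer filled from the server. I would add above the definition something like `/* Emits VNC_AUTH_FAILURE; reason is borrowed, not copied, and may be server-supplied text */`. Whether vnc_connection_emit_main_context() returns only after the handler has run is not visible in this patch, so that assumption should be confirmed before the helper is reused with shorter-lived buffers.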
@ -0,0 +1,33 @@
|
||||
From 9cadf0ab5071d14066af233a11f994b166454267 Mon Sep 17 00:00:00 2001
|
||||
From: Christophe Fergeau <cfergeau@redhat.com>
|
||||
Date: Wed, 9 Jan 2019 14:01:23 +0100
|
||||
Subject: [PATCH] sasl: Emit vnc-auth-failure signal on SASL auth failures
|
||||
|
||||
When the SASL username or password are wrong, at the moment client
|
||||
application will not get any specific notification for it, they will
|
||||
just know that the remote connection was closed because of an error.
|
||||
|
||||
This commit adds the emission of the vnc-auth-failure signal when
|
||||
vnc_connection_perform_auth_sasl() fails.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1456175
|
||||
|
||||
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
||||
(cherry picked from commit 3f4f79ffbf74f31ae65055c03a8eb523ac631422)
|
||||
Resolves: rhbz#1688275
|
||||
---
|
||||
src/vncconnection.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/vncconnection.c b/src/vncconnection.c
|
||||
index 58455df..aceb31d 100644
|
||||
--- a/src/vncconnection.c
|
||||
+++ b/src/vncconnection.c
|
||||
@@ -4419,6 +4419,7 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
|
||||
error:
|
||||
if (saslconn)
|
||||
sasl_dispose(&saslconn);
|
||||
+ vnc_connection_auth_failure(conn, "Unknown authentication failure");
|
||||
return FALSE;
|
||||
}
|
||||
#endif /* HAVE_SASL */
|
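Review bot: The `error:` label in vnc_connection_perform_auth_sasl() is a shared exit, so the added `vnc_connection_auth_failure(conn, "Unknown authentication failure");` fires for every failure that jumps there, not only for rejected credentials. Patch 0007 in this same commit shows `goto error` taken straight after vnc_connection_read_u32() and vnc_connection_flush() when the connection already has an error, and next to the SASL_MAX_MECHLIST_LEN and SASL_MAX_DATA_LEN checks, so a dropped connection or an oversized server reply would reach the application as an authentication failure and could trigger a credential re-prompt. The call sites in patch 0003 emit the signal only inside `if (!priv->coroutine_stop)`, while this one has no comparable guard. Consider emitting only on the paths where the SASL exchange itself reported failure, or at least record the behaviour at the label with `/* also reached on I/O and protocol errors, not only bad credentials */`. The function body starts outside the hunk.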
@ -0,0 +1,66 @@
|
||||
From bfc434015456687388370ccfc0fc92fd54c58b4b Mon Sep 17 00:00:00 2001
|
||||
From: Christophe Fergeau <cfergeau@redhat.com>
|
||||
Date: Wed, 9 Jan 2019 14:01:24 +0100
|
||||
Subject: [PATCH] conn: Report error if vnc_connection_perform_auth_vnc fails
|
||||
|
||||
At the moment, when the various crypto operations that
|
||||
vnc_connection_perform_auth_vnc performs fail, no error is reported to
|
||||
the client application. This commit adds the emission of a vnc-error
|
||||
signal when this happens. This is not reported as an auth failure as
|
||||
these errors are not something which is recoverable, they indicate
|
||||
system failures.
|
||||
|
||||
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
||||
(cherry picked from commit fa21beab5b44354c890699663a71b07d6ce18d40)
|
||||
Resolves: rhbz#1688275
|
||||
---
|
||||
src/vncconnection.c | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/vncconnection.c b/src/vncconnection.c
|
||||
index aceb31d..65111fd 100644
|
||||
--- a/src/vncconnection.c
|
||||
+++ b/src/vncconnection.c
|
||||
@@ -3638,33 +3638,38 @@ static gboolean vnc_connection_perform_auth_vnc(VncConnection *conn)
|
||||
error = gcry_cipher_open(&c, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
|
||||
if (gcry_err_code (error) != GPG_ERR_NO_ERROR) {
|
||||
VNC_DEBUG("gcry_cipher_open error: %s\n", gcry_strerror(error));
|
||||
- return FALSE;
|
||||
+ goto error;
|
||||
}
|
||||
|
||||
error = gcry_cipher_setkey(c, key, 8);
|
||||
if (gcry_err_code (error) != GPG_ERR_NO_ERROR) {
|
||||
VNC_DEBUG("gcry_cipher_setkey error: %s\n", gcry_strerror(error));
|
||||
gcry_cipher_close(c);
|
||||
- return FALSE;
|
||||
+ goto error;
|
||||
}
|
||||
|
||||
error = gcry_cipher_encrypt(c, challenge, 8, challenge, 8);
|
||||
if (gcry_err_code (error) != GPG_ERR_NO_ERROR) {
|
||||
VNC_DEBUG("gcry_cipher_encrypt error: %s\n", gcry_strerror(error));
|
||||
gcry_cipher_close(c);
|
||||
- return FALSE;
|
||||
+ goto error;
|
||||
}
|
||||
error = gcry_cipher_encrypt(c, challenge + 8, 8, challenge + 8, 8);
|
||||
if (gcry_err_code (error) != GPG_ERR_NO_ERROR) {
|
||||
VNC_DEBUG("gcry_cipher_encrypt error: %s\n", gcry_strerror(error));
|
||||
gcry_cipher_close(c);
|
||||
- return FALSE;
|
||||
+ goto error;
|
||||
}
|
||||
gcry_cipher_close(c);
|
||||
|
||||
vnc_connection_write(conn, challenge, 16);
|
||||
vnc_connection_flush(conn);
|
||||
return vnc_connection_check_auth_result(conn);
|
||||
+
|
||||
+error:
|
||||
+ vnc_connection_set_error(conn, "%s: %s", "Unknown authentication failure: %s",
|
||||
+ gcry_strerror(error));
|
||||
+ return FALSE;
|
||||
}
|
||||
|
||||
/*
|
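Review bot: The message built at the new `error:` label is malformed: the format is `"%s: %s"` and its first argument is the literal `"Unknown authentication failure: %s"`, so the resulting text carries a literal `%s` and a doubled colon ahead of the gcrypt error string. It is not a format-string hazard, because the literal is passed as an argument rather than as the format, but the application receives a garbled vnc-error message. The call should read `vnc_connection_set_error(conn, "Unknown authentication failure: %s", gcry_strerror(error));`. The function starts outside the hunk.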
@ -0,0 +1,73 @@
|
||||
From 74fcc039b313a0d3b91d15b83b4d4df4aa84536e Mon Sep 17 00:00:00 2001
|
||||
From: Christophe Fergeau <cfergeau@redhat.com>
|
||||
Date: Wed, 9 Jan 2019 14:01:25 +0100
|
||||
Subject: [PATCH] conn: Remove redundant vnc_connection_has_error() calls
|
||||
|
||||
No need to call it twice in:
|
||||
if (vnc_connection_has_error(conn))
|
||||
return !vnc_connection_has_error(conn);
|
||||
|
||||
and no need to call it after calling vnc_connection_set_error() as it
|
||||
will always return TRUE in this scenario.
|
||||
|
||||
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
||||
(cherry picked from commit 247eaddd7455ee4eb80efe4971167ab0636a4509)
|
||||
Resolves: rhbz#1688275
|
||||
---
|
||||
src/vncconnection.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/vncconnection.c b/src/vncconnection.c
|
||||
index 65111fd..fd7468b 100644
|
||||
--- a/src/vncconnection.c
|
||||
+++ b/src/vncconnection.c
|
||||
@@ -3120,7 +3120,7 @@ static gboolean vnc_connection_framebuffer_update(VncConnection *conn, gint32 et
|
||||
etype, width, height, x, y);
|
||||
|
||||
if (vnc_connection_has_error(conn))
|
||||
- return !vnc_connection_has_error(conn);
|
||||
+ return FALSE;
|
||||
|
||||
switch (etype) {
|
||||
case VNC_CONNECTION_ENCODING_RAW:
|
||||
@@ -3292,7 +3292,7 @@ static gboolean vnc_connection_server_message(VncConnection *conn)
|
||||
int ret;
|
||||
|
||||
if (vnc_connection_has_error(conn))
|
||||
- return !vnc_connection_has_error(conn);
|
||||
+ return FALSE;
|
||||
|
||||
/* NB: make sure that all server message functions
|
||||
handle has_error appropriately */
|
||||
@@ -5838,7 +5838,7 @@ gboolean vnc_connection_set_auth_type(VncConnection *conn, unsigned int type)
|
||||
VNC_DEBUG("Thinking about auth type %u", type);
|
||||
if (priv->auth_type != VNC_CONNECTION_AUTH_INVALID) {
|
||||
vnc_connection_set_error(conn, "%s", "Auth type has already been set");
|
||||
- return !vnc_connection_has_error(conn);
|
||||
+ return FALSE;
|
||||
}
|
||||
if (type != VNC_CONNECTION_AUTH_NONE &&
|
||||
type != VNC_CONNECTION_AUTH_VNC &&
|
||||
@@ -5851,7 +5851,7 @@ gboolean vnc_connection_set_auth_type(VncConnection *conn, unsigned int type)
|
||||
vnc_connection_set_error(conn, "Auth type %u is not supported",
|
||||
type);
|
||||
g_signal_emit(conn, VNC_AUTH_UNSUPPORTED, 0, type);
|
||||
- return !vnc_connection_has_error(conn);
|
||||
+ return FALSE;
|
||||
}
|
||||
VNC_DEBUG("Decided on auth type %u", type);
|
||||
priv->auth_type = type;
|
||||
@@ -5880,11 +5880,11 @@ gboolean vnc_connection_set_auth_subtype(VncConnection *conn, unsigned int type)
|
||||
priv->auth_type != VNC_CONNECTION_AUTH_TLS) {
|
||||
vnc_connection_set_error(conn, "Auth type %u does not support subauth",
|
||||
priv->auth_type);
|
||||
- return !vnc_connection_has_error(conn);
|
||||
+ return FALSE;
|
||||
}
|
||||
if (priv->auth_subtype != VNC_CONNECTION_AUTH_INVALID) {
|
||||
vnc_connection_set_error(conn, "%s", "Auth subtype has already been set");
|
||||
- return !vnc_connection_has_error(conn);
|
||||
+ return FALSE;
|
||||
}
|
||||
priv->auth_subtype = type;
|
||||
|
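--- a/SOURCES/0007-conn-Use-vnc_connection_has_error-extensively.patch
+++ b/SOURCES/0007-conn-Use-vnc_connection_has_error-extensively.patch
@@ -0,0 +1,333 @@
+From fe4d5599a9aec8bcd2ad53d8e124630a53cd8394 Mon Sep 17 00:00:00 2001
+From: Christophe Fergeau <cfergeau@redhat.com>
+Date: Wed, 9 Jan 2019 14:01:26 +0100
+Subject: [PATCH] conn: Use vnc_connection_has_error() extensively
+
+It's better to call this helper rather than directly checking for
+priv->coroutine_stop.
+
+Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
+(cherry picked from commit ad6478a1e522f5e0c2f396ac3600dc35df5871a8)
+Resolves: rhbz#1688275
+---
+src/vncconnection.c | 77 ++++++++++++++++++++++-----------------------
+1 file changed, 37 insertions(+), 40 deletions(-)
+
+diff --git a/src/vncconnection.c b/src/vncconnection.c
+index fd7468b..bbf4373 100644
+--- a/src/vncconnection.c
++++ b/src/vncconnection.c
+@@ -736,7 +736,7 @@ static int vnc_connection_read_wire(VncConnection *conn, void *data, size_t len)
+
+reread:
+
+- if (priv->coroutine_stop) return -EINVAL;
++ if (vnc_connection_has_error(conn)) return -EINVAL;
+
+if (priv->tls_session) {
+ret = gnutls_read(priv->tls_session, data, len);
+@@ -885,7 +885,7 @@ static int vnc_connection_read(VncConnection *conn, void *data, size_t len)
+char *ptr = data;
+size_t offset = 0;
+
+- if (priv->coroutine_stop) return -EINVAL;
++ if (vnc_connection_has_error(conn)) return -EINVAL;
+
+while (offset < len) {
+size_t tmp;
+@@ -941,7 +941,7 @@ static void vnc_connection_flush_wire(VncConnection *conn,
+int ret;
+gboolean blocking = FALSE;
+
+- if (priv->coroutine_stop) return;
++ if (vnc_connection_has_error(conn)) return;
+
+if (priv->tls_session) {
+ret = gnutls_write(priv->tls_session,
+@@ -2878,10 +2878,9 @@ static void vnc_connection_tight_update(VncConnection *conn,
+
+static void vnc_connection_update(VncConnection *conn, int x, int y, int width, int height)
+{
+- VncConnectionPrivate *priv = conn->priv;
+struct signal_data sigdata;
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return;
+
+VNC_DEBUG("Notify update area (%dx%d) at location %d,%d", width, height, x, y);
+@@ -2896,10 +2895,9 @@ static void vnc_connection_update(VncConnection *conn, int x, int y, int width,
+
+static void vnc_connection_bell(VncConnection *conn)
+{
+- VncConnectionPrivate *priv = conn->priv;
+struct signal_data sigdata;
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return;
+
+VNC_DEBUG("Server beep");
+@@ -2911,11 +2909,10 @@ static void vnc_connection_server_cut_text(VncConnection *conn,
+const void *data,
+size_t len)
+{
+- VncConnectionPrivate *priv = conn->priv;
+struct signal_data sigdata;
+GString *text;
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return;
+
+text = g_string_new_len ((const gchar *)data, len);
+@@ -2933,7 +2930,7 @@ static void vnc_connection_resize(VncConnection *conn, int width, int height)
+
+VNC_DEBUG("Desktop resize w=%d h=%d", width, height);
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return;
+
+priv->width = width;
+@@ -2949,7 +2946,7 @@ static void vnc_connection_pixel_format(VncConnection *conn)
+VncConnectionPrivate *priv = conn->priv;
+struct signal_data sigdata;
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return;
+
+sigdata.params.pixelFormat = &priv->fmt;
+@@ -2967,7 +2964,7 @@ static void vnc_connection_pointer_type_change(VncConnection *conn, gboolean abs
+return;
+priv->absPointer = absPointer;
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return;
+
+sigdata.params.absPointer = absPointer;
+@@ -3028,7 +3025,7 @@ static void vnc_connection_rich_cursor(VncConnection *conn, guint16 x, guint16 y
+priv->cursor = vnc_cursor_new(pixbuf, x, y, width, height);
+}
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return;
+
+sigdata.params.cursor = priv->cursor;
+@@ -3093,7 +3090,7 @@ static void vnc_connection_xcursor(VncConnection *conn, guint16 x, guint16 y, gu
+priv->cursor = vnc_cursor_new(pixbuf, x, y, width, height);
+}
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return;
+
+sigdata.params.cursor = priv->cursor;
+@@ -3405,7 +3402,7 @@ static gboolean vnc_connection_server_message(VncConnection *conn)
+
+n_type = vnc_connection_read_u8(conn);
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+break;
+
+switch (n_type) {
+@@ -3423,7 +3420,7 @@ static gboolean vnc_connection_server_message(VncConnection *conn)
+n_length, 1024 * 1024);
+break;
+}
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+break;
+
+if (!priv->audio) {
+@@ -3491,7 +3488,7 @@ static gboolean vnc_connection_has_credentials(gpointer data)
+VncConnection *conn = data;
+VncConnectionPrivate *priv = conn->priv;
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return TRUE;
+if (priv->want_cred_username && !priv->cred_username)
+return FALSE;
+@@ -3508,7 +3505,7 @@ static gboolean vnc_connection_gather_credentials(VncConnection *conn)
+
+VNC_DEBUG("Checking if credentials are needed");
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+
+if (!vnc_connection_has_credentials(conn)) {
+@@ -3546,7 +3543,7 @@ static gboolean vnc_connection_gather_credentials(VncConnection *conn)
+
+g_value_array_free(authCred);
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+VNC_DEBUG("Waiting for missing credentials");
+g_condition_wait(vnc_connection_has_credentials, conn);
+@@ -3579,13 +3576,13 @@ static gboolean vnc_connection_check_auth_result(VncConnection *conn)
+vnc_connection_read(conn, reason, len);
+reason[len] = '\0';
+VNC_DEBUG("Fail %s", reason);
+- if (!priv->coroutine_stop) {
++ if (!vnc_connection_has_error(conn)) {
+vnc_connection_set_error(conn, "%s", reason);
+vnc_connection_auth_failure(conn, reason);
+}
+} else {
+VNC_DEBUG("Fail auth no result");
+- if (!priv->coroutine_stop) {
++ if (!vnc_connection_has_error(conn)) {
+vnc_connection_set_error(conn, "%s", "Unknown authentication failure");
+vnc_connection_auth_failure(conn, "Unknown authentication failure");
+}
+@@ -4197,7 +4194,7 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
+
+/* Get the supported mechanisms from the server */
+mechlistlen = vnc_connection_read_u32(conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+goto error;
+if (mechlistlen > SASL_MAX_MECHLIST_LEN) {
+vnc_connection_set_error(conn,
+@@ -4209,7 +4206,7 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
+mechlist = g_malloc(mechlistlen+1);
+vnc_connection_read(conn, mechlist, mechlistlen);
+mechlist[mechlistlen] = '\0';
+- if (priv->coroutine_stop) {
++ if (vnc_connection_has_error(conn)) {
+g_free(mechlist);
+mechlist = NULL;
+goto error;
+@@ -4266,14 +4263,14 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
+vnc_connection_write_u32(conn, 0);
+}
+vnc_connection_flush(conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+goto error;
+
+
+VNC_DEBUG("%s", "Getting sever start negotiation reply");
+/* Read the 'START' message reply from server */
+serverinlen = vnc_connection_read_u32(conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+goto error;
+if (serverinlen > SASL_MAX_DATA_LEN) {
+vnc_connection_set_error(conn,
+@@ -4292,7 +4289,7 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
+serverin = NULL;
+}
+complete = vnc_connection_read_u8(conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+goto error;
+
+VNC_DEBUG("Client start result complete: %d. Data %u bytes %p '%s'",
+@@ -4354,13 +4351,13 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
+vnc_connection_write_u32(conn, 0);
+}
+vnc_connection_flush(conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+goto error;
+
+VNC_DEBUG("Server step with %u bytes %p", clientoutlen, clientout);
+
+serverinlen = vnc_connection_read_u32(conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+goto error;
+if (serverinlen > SASL_MAX_DATA_LEN) {
+vnc_connection_set_error(conn,
+@@ -4379,7 +4376,7 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
+serverin = NULL;
+}
+complete = vnc_connection_read_u8(conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+goto error;
+
+VNC_DEBUG("Client step result complete: %d. Data %u bytes %p '%s'",
+@@ -4524,7 +4521,7 @@ static gboolean vnc_connection_has_auth_subtype(gpointer data)
+VncConnection *conn = data;
+VncConnectionPrivate *priv = conn->priv;
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return TRUE;
+if (priv->auth_subtype == VNC_CONNECTION_AUTH_INVALID)
+return FALSE;
+@@ -4597,15 +4594,15 @@ static gboolean vnc_connection_perform_auth_tls(VncConnection *conn)
+VNC_DEBUG("Possible TLS sub-auth %u", auth[i]);
+}
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+vnc_connection_choose_auth(conn, VNC_AUTH_CHOOSE_SUBTYPE, nauth, auth);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+
+VNC_DEBUG("Waiting for TLS auth subtype");
+g_condition_wait(vnc_connection_has_auth_subtype, conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+
+VNC_DEBUG("Choose auth %u", priv->auth_subtype);
+@@ -4672,15 +4669,15 @@ static gboolean vnc_connection_perform_auth_vencrypt(VncConnection *conn)
+VNC_DEBUG("Possible VeNCrypt sub-auth %u", auth[i]);
+}
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+vnc_connection_choose_auth(conn, VNC_AUTH_CHOOSE_SUBTYPE, nauth, auth);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+
+VNC_DEBUG("Waiting for VeNCrypt auth subtype");
+g_condition_wait(vnc_connection_has_auth_subtype, conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+
+VNC_DEBUG("Choose auth %u", priv->auth_subtype);
+@@ -4753,7 +4750,7 @@ static gboolean vnc_connection_has_auth_type(gpointer data)
+VncConnection *conn = data;
+VncConnectionPrivate *priv = conn->priv;
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return TRUE;
+if (priv->auth_type == VNC_CONNECTION_AUTH_INVALID)
+return FALSE;
+@@ -4790,15 +4787,15 @@ static gboolean vnc_connection_perform_auth(VncConnection *conn)
+VNC_DEBUG("Possible auth %u", auth[i]);
+}
+
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+vnc_connection_choose_auth(conn, VNC_AUTH_CHOOSE_TYPE, nauth, auth);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+
+VNC_DEBUG("Waiting for auth type");
+g_condition_wait(vnc_connection_has_auth_type, conn);
+- if (priv->coroutine_stop)
++ if (vnc_connection_has_error(conn))
+return FALSE;
+
+VNC_DEBUG("Choose auth %u", priv->auth_type);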
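Review bot: In the vnc_connection_check_auth_result() hunk the return value of `vnc_connection_read(conn, reason, len)` is still ignored and `VNC_DEBUG("Fail %s", reason)` runs before the `!vnc_connection_has_error(conn)` test, so when the read fails the debug line prints whatever the buffer happened to hold. Moving the log inside the guarded block keeps the logged and the emitted reason consistent: `if (!vnc_connection_has_error(conn)) { VNC_DEBUG("Fail %s", reason); ...`. The declaration of `reason` and the bound on `len` are outside the hunk, so this assumes the buffer is not zeroed beforehand. Separately, the substitution is behaviour-preserving only if vnc_connection_has_error() tests nothing beyond `priv->coroutine_stop`; its definition is not part of this patch, and the commit message would be clearer if it stated that equivalence.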
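--- a/SOURCES/0008-vnc_connection_start_tls-add-deinit-label.patch
+++ b/SOURCES/0008-vnc_connection_start_tls-add-deinit-label.patch
@@ -0,0 +1,75 @@
+From a820d8623e5eae48cb08b624c85fc846a198df16 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 11 Jan 2019 16:34:30 +0100
+Subject: [PATCH] vnc_connection_start_tls: add deinit label
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Introduce a deinit label to unify cleanup paths which call gnutls_deinit.
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit e62d010777eecda47829e9da54bad3387f4d6231)
+Resolves: rhbz#1665837
+---
+src/vncconnection.c | 19 +++++++++----------
+1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/src/vncconnection.c b/src/vncconnection.c
+index bbf4373..7b15211 100644
+--- a/src/vncconnection.c
++++ b/src/vncconnection.c
+@@ -4445,22 +4445,19 @@ static gboolean vnc_connection_start_tls(VncConnection *conn, int anonTLS)
+}
+
+if (gnutls_priority_set_direct(priv->tls_session, priority, NULL) < 0) {
+- gnutls_deinit(priv->tls_session);
+vnc_connection_set_error(conn, "%s", "Failed to set priority");
+- return FALSE;
++ goto deinit;
+}
+
+if (anonTLS) {
+gnutls_anon_client_credentials anon_cred = vnc_connection_tls_initialize_anon_cred();
+if (!anon_cred) {
+- gnutls_deinit(priv->tls_session);
+vnc_connection_set_error(conn, "%s", "Failed to allocate credentials");
+- return FALSE;
++ goto deinit;
+}
+if (gnutls_credentials_set(priv->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
+- gnutls_deinit(priv->tls_session);
+vnc_connection_set_error(conn, "%s", "Failed to initialize credentials");
+- return FALSE;
++ goto deinit;
+}
+} else {
+priv->want_cred_password = FALSE;
+@@ -4471,14 +4468,12 @@ static gboolean vnc_connection_start_tls(VncConnection *conn, int anonTLS)
+
+gnutls_certificate_credentials_t x509_cred = vnc_connection_tls_initialize_cert_cred(conn);
+if (!x509_cred) {
+- gnutls_deinit(priv->tls_session);
+vnc_connection_set_error(conn, "%s", "Failed to allocate credentials");
+- return FALSE;
++ goto deinit;
+}
+if (gnutls_credentials_set(priv->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
+- gnutls_deinit(priv->tls_session);
+vnc_connection_set_error(conn, "%s", "Failed to initialize credentials");
+- return FALSE;
++ goto deinit;
+}
+}
+
+@@ -4514,6 +4509,10 @@ static gboolean vnc_connection_start_tls(VncConnection *conn, int anonTLS)
+}
+return TRUE;
+}
++
++ deinit:
++ gnutls_deinit(priv->tls_session);
++ return FALSE;
+}
+
+static gboolean vnc_connection_has_auth_subtype(gpointer data)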
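Review bot: The new `deinit:` label releases only the TLS session; the `anon_cred` and `x509_cred` objects obtained a few lines earlier are not released when `gnutls_credentials_set()` fails and control jumps there. Whether vnc_connection_tls_initialize_anon_cred() and vnc_connection_tls_initialize_cert_cred() return a cached object or a fresh allocation is not visible in this patch, so this is either a leak on the failure path or intended. A comment at the label stating the ownership, for example `/* credentials are owned by <owner>; only the session is torn down here */`, would settle it for the next reader. The function starts before the first hunk.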
@ -0,0 +1,60 @@
|
||||
From 47fdacf72c35cb89071084171e020b4846b3fbd6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
||||
Date: Fri, 11 Jan 2019 16:34:31 +0100
|
||||
Subject: [PATCH] vnc_connection_start_tls: set tls_session to NULL after
|
||||
deinit
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Avoid a double free in case of a failure, e.g. when vnc_connection_tls_initialize_cert_cred
|
||||
fails to read the certificate:
|
||||
|
||||
==1154== Invalid read of size 4
|
||||
==1154== at 0x60870FB: gnutls_bye (record.c:288)
|
||||
==1154== by 0x4A46B73: vnc_connection_close (vncconnection.c:5120)
|
||||
==1154== by 0x4A4E6CA: vnc_connection_coroutine (vncconnection.c:5650)
|
||||
==1154== by 0x4A51BCE: coroutine_trampoline (coroutine_ucontext.c:55)
|
||||
==1154== by 0x5BD81FF: ??? (in /usr/lib64/libc-2.28.so)
|
||||
==1154== by 0x175DB277: ???
|
||||
==1154== Address 0x1847fcf0 is 384 bytes inside a block of size 6,496 free'd
|
||||
==1154== at 0x4839A0C: free (vg_replace_malloc.c:540)
|
||||
==1154== by 0x4A4B019: vnc_connection_start_tls (vncconnection.c:4466)
|
||||
==1154== by 0x4A4CBE8: vnc_connection_perform_auth_vencrypt (vncconnection.c:4708)
|
||||
==1154== by 0x4A4CBE8: vnc_connection_perform_auth (vncconnection.c:4818)
|
||||
==1154== by 0x4A4CBE8: vnc_connection_initialize (vncconnection.c:5415)
|
||||
==1154== by 0x4A4E50F: vnc_connection_coroutine (vncconnection.c:5639)
|
||||
==1154== by 0x4A51BCE: coroutine_trampoline (coroutine_ucontext.c:55)
|
||||
==1154== by 0x5BD81FF: ??? (in /usr/lib64/libc-2.28.so)
|
||||
==1154== by 0x175DB277: ???
|
||||
==1154== Block was alloc'd at
|
||||
==1154== at 0x483AB1A: calloc (vg_replace_malloc.c:762)
|
||||
==1154== by 0x60B6FDE: gnutls_init (state.c:465)
|
||||
==1154== by 0x4A4AB28: vnc_connection_start_tls (vncconnection.c:4434)
|
||||
==1154== by 0x4A4CBE8: vnc_connection_perform_auth_vencrypt (vncconnection.c:4708)
|
||||
==1154== by 0x4A4CBE8: vnc_connection_perform_auth (vncconnection.c:4818)
|
||||
==1154== by 0x4A4CBE8: vnc_connection_initialize (vncconnection.c:5415)
|
||||
==1154== by 0x4A4E50F: vnc_connection_coroutine (vncconnection.c:5639)
|
||||
==1154== by 0x4A51BCE: coroutine_trampoline (coroutine_ucontext.c:55)
|
||||
==1154== by 0x5BD81FF: ??? (in /usr/lib64/libc-2.28.so)
|
||||
==1154== by 0x175DB277: ???
|
||||
|
||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
||||
(cherry picked from commit 7879ae9c747b4e95bb3850c4e67ca57d3ded82e3)
|
||||
Resolves: rhbz#1665837
|
||||
---
|
||||
src/vncconnection.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/vncconnection.c b/src/vncconnection.c
|
||||
index 7b15211..5321731 100644
|
||||
--- a/src/vncconnection.c
|
||||
+++ b/src/vncconnection.c
|
||||
@@ -4512,6 +4512,7 @@ static gboolean vnc_connection_start_tls(VncConnection *conn, int anonTLS)
|
||||
|
||||
deinit:
|
||||
gnutls_deinit(priv->tls_session);
|
||||
+ priv->tls_session = NULL;
|
||||
return FALSE;
|
||||
}
|
||||
|
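Review bot: The added `priv->tls_session = NULL;` relies on an invariant that is not written down anywhere in the hunk: every consumer of `priv->tls_session` has to treat NULL as "no TLS session". The valgrind trace in the commit message shows vnc_connection_close() reaching gnutls_bye() on the freed session, so the reset only helps if that function tests the pointer first, and that test is not part of this patch. A comment at the label such as `/* vnc_connection_close() calls gnutls_bye() on a non-NULL tls_session */` would record why the reset is needed. Any other `gnutls_deinit(priv->tls_session)` call in the part of vnc_connection_start_tls() that lies between the hunks of patch 0008 would need the same reset; those lines are not shown here.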
@ -32,11 +32,18 @@
|
||||
Summary: A GTK2 widget for VNC clients
|
||||
Name: gtk-vnc
|
||||
Version: 0.9.0
|
||||
Release: 1%{?dist}%{?extra_release}
|
||||
Release: 2%{?dist}%{?extra_release}
|
||||
License: LGPLv2+
|
||||
Source: http://ftp.gnome.org/pub/GNOME/sources/%{name}/0.5/%{name}-%{version}.tar.xz
|
||||
Patch1: 0001-fix-crash-when-connection-fails-early.patch
|
||||
Patch2: 0002-gvnc-1.0.pc.in-Use-GLIB_REQUIRED.patch
|
||||
Patch3: 0003-sasl-Factor-common-code-auth-failure.patch
|
||||
Patch4: 0004-sasl-Emit-vnc-auth-failure-signal-on-SASL-auth-failu.patch
|
||||
Patch5: 0005-conn-Report-error-if-vnc_connection_perform_auth_vnc.patch
|
||||
Patch6: 0006-conn-Remove-redundant-vnc_connection_has_error-calls.patch
|
||||
Patch7: 0007-conn-Use-vnc_connection_has_error-extensively.patch
|
||||
Patch8: 0008-vnc_connection_start_tls-add-deinit-label.patch
|
||||
Patch9: 0009-vnc_connection_start_tls-set-tls_session-to-NULL-aft.patch
|
||||
URL: https://wiki.gnome.org/Projects/gtk-vnc
|
||||
Requires: gvnc = %{version}-%{release}
|
||||
%if %{with_gtk2}
|
||||
@ -159,6 +166,13 @@ Libraries, includes, etc. to compile with the gtk-vnc library
|
||||
cd gtk-vnc-%{version}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
cd ..
|
||||
|
||||
%if %{with_gtk3}
|
||||
@ -322,6 +336,10 @@ rm -f %{buildroot}%{_libdir}/*.la
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Nov 28 2019 Daniel P. Berrangé <berrange@redhat.com> - 0.9.0-2
|
||||
- Fix crash when TLS handshake fails (rhbz #1665837)
|
||||
- Ensure auth failure signal is emitted when SASL fails (rhbz #1688275)
|
||||
|
||||
* Thu Aug 30 2018 Daniel P. Berrangé <berrange@redhat.com> - 0.9.0-1
|
||||
- Update to 0.9.0 release
|
||||
- Use gcrypt for DES impl instead of local DES impl (rhbz #1618426)
|
||||
|