tigervnc/tigervnc11-CVE-2011-1775.patch
2011-05-10 11:54:44 +02:00


Index: common/rfb/CSecurityTLS.cxx
===================================================================
--- common/rfb/CSecurityTLS.cxx (revision 4399)
+++ common/rfb/CSecurityTLS.cxx (revision 4400)
@@ -171,8 +171,15 @@
if (!is->checkNoWait(1))
return false;
- if (is->readU8() == 0)
- return true;
+ if (is->readU8() == 0) {
+ rdr::U32 result = is->readU32();
+ CharArray reason;
+ if (result == secResultFailed || result == secResultTooMany)
+ reason.buf = is->readString();
+ else
+ reason.buf = strDup("Authentication failure (protocol error)");
+ throw AuthFailureException(reason.buf);
+ }
if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_init failed");
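Review bot: In the new `readU8() == 0` branch, only the single ack byte is covered by the preceding `checkNoWait(1)`, yet the branch goes on to call `readU32()` and possibly `readString()`; if those reads wait for data (the stream class is not shown here), a server that sends the zero ack and nothing more can hold the client inside this function. That may be acceptable on a failure path, but it deserves a comment such as `// only the ack byte is known to be buffered; the result and reason reads below may wait on the server`. The reason text is server-supplied, so whatever displays or logs the exception message should treat it as untrusted input, and it would be worth confirming that `readString()` bounds the length it accepts. The enclosing function begins and ends outside this hunk.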