On Tue, Jun 28, 2016 at 02:45:15PM +0200, Jiri Denemark wrote:
Setting an empty vnc_password in qemu.conf is documented as a way to
disable VNC access, but QEMU does not seem to behave like that. Let's
enforce the behavior by setting password expiration to "now".
Note, this has no effect on setting an empty //graphics@passwd in
domain XML. Users may use //graphics@passwdValidTo to enforce the same
behavior.
https://bugzilla.redhat.com/show_bug.cgi?id=1180092
Please reference newly assigned CVE-2016-5008 in the commit message
before pushing.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_hotplug.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index e0b8230..91f48dc 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3970,6 +3970,8 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
snprintf(expire_time, sizeof(expire_time), "now");
else
snprintf(expire_time, sizeof(expire_time), "%lu", (long
unsigned)auth->validTo);
+ } else if (!auth->passwd && defaultPasswd && defaultPasswd[0] ==
'\0') {
+ snprintf(expire_time, sizeof(expire_time), "now");
} else {
snprintf(expire_time, sizeof(expire_time), "never");
}
Not shown in this patch is the earlier condition if (auth->expires).
IOW, if you set the empty password, but also have an expiry time
set we'll still be allowing access. Now admittedly setting an
empty password and also an expiry time is fairly pointless, but
I can easily see apps mistakenly doing this. So we should check
the empty password as the first branch in the condition.
Regards,
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|