[PULL 12/14] ui: fix handling of NULL SASL server data

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Wainer dos Santos Moschetta" <wainersm@redhat.com>,
	"Daniel P. Berrangé" <berrange@redhat.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>,
	"Thomas Huth" <thuth@redhat.com>,
	"Alex Bennée" <alex.bennee@linaro.org>
Subject: [PULL 12/14] ui: fix handling of NULL SASL server data
Date: Tue, 22 Oct 2024 16:24:13 +0100	[thread overview]
Message-ID: <20241022152415.1632556-13-berrange@redhat.com> (raw)
In-Reply-To: <20241022152415.1632556-1-berrange@redhat.com>

The code is supposed to distinguish between SASL server data that
is NULL, vs non-NULL but zero-length. It was incorrectly checking
the 'serveroutlen' variable, rather than 'serverout' though, so
failing to distinguish the cases.

Fortunately we can fix this without breaking compatibility with
clients, as clients already know how to decode the input data
correctly.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 ui/vnc-auth-sasl.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
index 25f6b4b776..a04feeb429 100644
--- a/ui/vnc-auth-sasl.c
+++ b/ui/vnc-auth-sasl.c
@@ -289,9 +289,10 @@ static int protocol_client_auth_sasl_step(VncState *vs, uint8_t *data, size_t le
         goto authabort;
     }
 
-    if (serveroutlen) {
+    if (serverout) {
         vnc_write_u32(vs, serveroutlen + 1);
-        vnc_write(vs, serverout, serveroutlen + 1);
+        vnc_write(vs, serverout, serveroutlen);
+        vnc_write_u8(vs, '\0');
     } else {
         vnc_write_u32(vs, 0);
     }
@@ -410,9 +411,10 @@ static int protocol_client_auth_sasl_start(VncState *vs, uint8_t *data, size_t l
         goto authabort;
     }
 
-    if (serveroutlen) {
+    if (serverout) {
         vnc_write_u32(vs, serveroutlen + 1);
-        vnc_write(vs, serverout, serveroutlen + 1);
+        vnc_write(vs, serverout, serveroutlen);
+        vnc_write_u8(vs, '\0');
     } else {
         vnc_write_u32(vs, 0);
     }
-- 
2.46.0

next prev parent reply	other threads:[~2024-10-22 15:25 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-22 15:24 [PULL 00/14] Misc fixes patches Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 01/14] crypto: Remove unused DER string functions Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 02/14] sockets: Remove deadcode Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 03/14] util: don't set SO_REUSEADDR on client sockets Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 04/14] crypto/hash: avoid overwriting user supplied result pointer Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 05/14] tests: correctly validate result buffer in hash/hmac tests Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 06/14] include/crypto: clarify @result/@result_len for hash/hmac APIs Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 07/14] crypto/hash-afalg: Fix broken build Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 08/14] ui/vnc: don't return an empty SASL mechlist to the client Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 09/14] ui/vnc: don't raise error formatting socket address for non-inet Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 10/14] ui/vnc: fix skipping SASL SSF on UNIX sockets Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 11/14] ui/vnc: don't check for SSF after SASL authentication " Daniel P. Berrangé
2024-10-22 15:24 ` Daniel P. Berrangé [this message]
2024-10-22 15:24 ` [PULL 13/14] ui: validate NUL byte padding in SASL client data more strictly Daniel P. Berrangé
2024-10-22 15:24 ` [PULL 14/14] gitlab: enable afalg tests in fedora system test Daniel P. Berrangé
2024-10-24 14:20 ` [PULL 00/14] Misc fixes patches Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:25f6b4b77 dfblob:a04feeb42 )
 OR (
bs:"[PULL 12/14] ui: fix handling of NULL SASL server data" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241022152415.1632556-13-berrange@redhat.com \
    --to=berrange@redhat.com \
    --cc=alex.bennee@linaro.org \
    --cc=marcandre.lureau@redhat.com \
    --cc=philmd@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=thuth@redhat.com \
    --cc=wainersm@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).