diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2024-09-16 13:47:11 +0100 |
|---|---|---|
| committer | Daniel P. Berrangé <berrange@redhat.com> | 2024-10-22 11:44:23 +0100 |
| commit | 829cb3d0eab08e4fea768926f06db1c411a2767f (patch) | |
| tree | f2c7789728242c8d47e753a6af9260af77e6e8d9 /ui | |
| parent | 2b69564798f3cd43ab9bdf70a96d2373cb544a9a (diff) | |
| download | qemu-829cb3d0eab08e4fea768926f06db1c411a2767f.zip qemu-829cb3d0eab08e4fea768926f06db1c411a2767f.tar.gz qemu-829cb3d0eab08e4fea768926f06db1c411a2767f.tar.bz2 | |
ui: fix handling of NULL SASL server data
The code is supposed to distinguish between SASL server data that
is NULL, vs non-NULL but zero-length. It was incorrectly checking
the 'serveroutlen' variable, rather than 'serverout' though, so
failing to distinguish the cases.
Fortunately we can fix this without breaking compatibility with
clients, as clients already know how to decode the input data
correctly.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'ui')
| -rw-r--r-- | ui/vnc-auth-sasl.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c index 25f6b4b..a04feeb 100644 --- a/ui/vnc-auth-sasl.c +++ b/ui/vnc-auth-sasl.c @@ -289,9 +289,10 @@ static int protocol_client_auth_sasl_step(VncState *vs, uint8_t *data, size_t le goto authabort; } - if (serveroutlen) { + if (serverout) { vnc_write_u32(vs, serveroutlen + 1); - vnc_write(vs, serverout, serveroutlen + 1); + vnc_write(vs, serverout, serveroutlen); + vnc_write_u8(vs, '\0'); } else { vnc_write_u32(vs, 0); } @@ -410,9 +411,10 @@ static int protocol_client_auth_sasl_start(VncState *vs, uint8_t *data, size_t l goto authabort; } - if (serveroutlen) { + if (serverout) { vnc_write_u32(vs, serveroutlen + 1); - vnc_write(vs, serverout, serveroutlen + 1); + vnc_write(vs, serverout, serveroutlen); + vnc_write_u8(vs, '\0'); } else { vnc_write_u32(vs, 0); } |