ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
Use a better interface for random numbers than rand(). Fail gracefully if for some reason we cannot use the crypto system. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This commit is contained in:
Richard Henderson
parent
4347e6383f
commit
f7b2502cdc
22
ui/vnc.c
22
ui/vnc.c
|
|
@ -43,6 +43,7 @@
|
|||
#include "crypto/hash.h"
|
||||
#include "crypto/tlscredsanon.h"
|
||||
#include "crypto/tlscredsx509.h"
|
||||
#include "crypto/random.h"
|
||||
#include "qom/object_interfaces.h"
|
||||
#include "qemu/cutils.h"
|
||||
#include "io/dns-resolver.h"
|
||||
|
|
@ -2547,16 +2548,6 @@ static void authentication_failed(VncState *vs)
|
|||
vnc_client_error(vs);
|
||||
}
|
||||
|
||||
static void make_challenge(VncState *vs)
|
||||
{
|
||||
int i;
|
||||
|
||||
srand(time(NULL)+getpid()+getpid()*987654+rand());
|
||||
|
||||
for (i = 0 ; i < sizeof(vs->challenge) ; i++)
|
||||
vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
|
||||
}
|
||||
|
||||
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
|
||||
{
|
||||
unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
|
||||
|
|
@ -2628,7 +2619,16 @@ reject:
|
|||
|
||||
void start_auth_vnc(VncState *vs)
|
||||
{
|
||||
make_challenge(vs);
|
||||
Error *err = NULL;
|
||||
|
||||
if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
|
||||
trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
|
||||
error_get_pretty(err));
|
||||
error_free(err);
|
||||
authentication_failed(vs);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Send client a 'random' challenge */
|
||||
vnc_write(vs, vs->challenge, sizeof(vs->challenge));
|
||||
vnc_flush(vs);
|
||||
|
|
|
|||
Loading…
Reference in New Issue