From nobody Sun May  5 12:06:10 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.129.124 as permitted sender) client-ip=170.10.129.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1639651779; cv=none;
	d=zohomail.com; s=zohoarc;
	b=O1l/0XXbiS+98EidgifOd5zHwIOeYW/EwjnCBfmyHrOhqTn8Y/HlXFjXjX95tHQor4TTPnxNIlbf4HYHg/Qhmt213W51tAYBI8gZnKjHwnj4B6JO19ZZa2XoOVTbCUDeMF4Z+ygraUhuA0sK9qlf3i0Qig2A2gPo/ao02CjEmcU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1639651779;
 h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
	bh=nyKmz59dPGiAa7Z2aXkBKP8cNjLFC9rYifTjFZCTtLI=;
	b=RVwkG26cjVsy7ryPRqvQCgCCXcCNxxkoXrXcC4bpAWQABMZMZz7m1QYbW6yrbJltlw+7p4YYzz/FeT7wJdLgKPT/arwqgyfkeg6w87hlMQi14493rwaXMlX5uLZzE3/ajvdy1rHEknSSBcWwspSYsunVmM1KLJYkL1nrNUPmeTQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com
	with SMTPS id 1639651779019273.1907420568373;
 Thu, 16 Dec 2021 02:49:39 -0800 (PST)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-231-cm8zQ8UUPZuDcg11cBEVZg-1; Thu, 16 Dec 2021 05:49:33 -0500
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 02C331019982;
	Thu, 16 Dec 2021 10:49:16 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id BFEA57EFC0;
	Thu, 16 Dec 2021 10:49:13 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 394634BB7C;
	Thu, 16 Dec 2021 10:49:10 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
	[10.5.11.23])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 1BGAn7Aa009859 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 16 Dec 2021 05:49:07 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id B988898A91; Thu, 16 Dec 2021 10:49:07 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.39.194.185])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 159D198A8E;
	Thu, 16 Dec 2021 10:48:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1639651777;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=nyKmz59dPGiAa7Z2aXkBKP8cNjLFC9rYifTjFZCTtLI=;
	b=QqkE6JelT7F30hzL7uQqicYK2OFthx9g4CwOuJfNPMU27yuWb6W39nZURbpa2AwqiPiJGb
	cFMboaBMwrgiaP8H2NMlxsSJUELMEMeeBnkuViIkQdCykBNY5wqsk5B0+djwOD87iipKkg
	7+evJGYMSuIuK9EnWmOTX0nON9yQg4k=
X-MC-Unique: cm8zQ8UUPZuDcg11cBEVZg-1
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH] qemu: validate VNC password length
Date: Thu, 16 Dec 2021 10:48:53 +0000
Message-Id: <20211216104853.3568446-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-loop: libvir-list@redhat.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1639651779489100001

The VNC password authentication scheme is quite horrendous in that it
takes the user password and directly uses it as a DES case. DES is a
byte 8 keyed cipher, so the VNC password can never be more than 8
characters long. Anything over that length will be silently dropped.

We should validate this length restriction when accepting user XML
configs and report an error. For the global VNC password we don't
really want to break daemon startup by reporting an error, but
logging a warning is worthwhile.

https://bugzilla.redhat.com/show_bug.cgi?id=3D1506689
Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/qemu/qemu_conf.c     | 6 ++++++
 src/qemu/qemu_validate.c | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 7eb04e66a0..6077457ff4 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -451,6 +451,12 @@ virQEMUDriverConfigLoadVNCEntry(virQEMUDriverConfig *c=
fg,
     if (virConfGetValueBool(conf, "vnc_allow_host_audio", &cfg->vncAllowHo=
stAudio) < 0)
         return -1;
=20
+    if (cfg->vncPassword &&
+        strlen(cfg->vncPassword) > 8) {
+        VIR_WARN("VNC password is %zu characters long, only 8 permitted, t=
runcating",
+                 strlen(cfg->vncPassword));
+        cfg->vncPassword[8] =3D '\0';
+    }
     return 0;
 }
=20
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index f9a195e991..46b40303f6 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4109,6 +4109,14 @@ qemuValidateDomainDeviceDefVNCGraphics(const virDoma=
inGraphicsDef *graphics,
         return -1;
     }
=20
+    if (graphics->data.vnc.auth.passwd &&
+        strlen(graphics->data.vnc.auth.passwd) > 8) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("VNC password is %zu characters long, only 8 perm=
itted"),
+                       strlen(graphics->data.vnc.auth.passwd));
+        return -1;
+    }
+
     return 0;
 }
=20
--=20
2.33.1