diff options
author | Richard Henderson <richard.henderson@linaro.org> | 2019-03-14 15:37:43 -0700 |
---|---|---|
committer | Richard Henderson <richard.henderson@linaro.org> | 2019-05-22 12:38:54 -0400 |
commit | f7b2502cdc2eeb458a4490c1b8f4a83c07d46219 (patch) | |
tree | 3612248269e460c43bb21733e3c6d0ca671fabaa /ui/vnc.c | |
parent | 4347e6383f17ae6b70af833b165862f9f338b0b9 (diff) |
ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
Use a better interface for random numbers than rand().
Fail gracefully if for some reason we cannot use the crypto system.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'ui/vnc.c')
-rw-r--r-- | ui/vnc.c | 22 |
1 files changed, 11 insertions, 11 deletions
@@ -43,6 +43,7 @@ #include "crypto/hash.h" #include "crypto/tlscredsanon.h" #include "crypto/tlscredsx509.h" +#include "crypto/random.h" #include "qom/object_interfaces.h" #include "qemu/cutils.h" #include "io/dns-resolver.h" @@ -2547,16 +2548,6 @@ static void authentication_failed(VncState *vs) vnc_client_error(vs); } -static void make_challenge(VncState *vs) -{ - int i; - - srand(time(NULL)+getpid()+getpid()*987654+rand()); - - for (i = 0 ; i < sizeof(vs->challenge) ; i++) - vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); -} - static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) { unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; @@ -2628,7 +2619,16 @@ reject: void start_auth_vnc(VncState *vs) { - make_challenge(vs); + Error *err = NULL; + + if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) { + trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes", + error_get_pretty(err)); + error_free(err); + authentication_failed(vs); + return; + } + /* Send client a 'random' challenge */ vnc_write(vs, vs->challenge, sizeof(vs->challenge)); vnc_flush(vs); |