qemu: Let empty default VNC password work as documented

CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark <jdenemar@redhat.com> (cherry picked from commit bb848feec0) (cherry picked from commit d933f68ee6)
2025-11-04 12:24:23 +03:00 · 2016-06-28 14:39:58 +02:00
parent 890fc0f1ff
commit f39de9abfd
1 changed files with 7 additions and 7 deletions
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3462,6 +3462,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
    time_t now = time(NULL);
    char expire_time [64];
    const char *connected = NULL;
+    const char *password;
    int ret = -1;
    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);

@@ -3469,15 +3470,13 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
        ret = 0;
        goto cleanup;
    }
+    password = auth->passwd ? auth->passwd : defaultPasswd;

    if (auth->connected)
        connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);

    qemuDomainObjEnterMonitor(driver, vm);
-    ret = qemuMonitorSetPassword(priv->mon,
-                                 type,
-                                 auth->passwd ? auth->passwd : defaultPasswd,
-                                 connected);
+    ret = qemuMonitorSetPassword(priv->mon, type, password, connected);

    if (ret == -2) {
        if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
@@ -3485,14 +3484,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
                           _("Graphics password only supported for VNC"));
            ret = -1;
        } else {
-            ret = qemuMonitorSetVNCPassword(priv->mon,
-                                            auth->passwd ? auth->passwd : defaultPasswd);
+            ret = qemuMonitorSetVNCPassword(priv->mon, password);
        }
    }
    if (ret != 0)
        goto end_job;

-    if (auth->expires) {
+    if (password[0] == '\0') {
+        snprintf(expire_time, sizeof(expire_time), "now");
+    } else if (auth->expires) {
        time_t lifetime = auth->validTo - now;
        if (lifetime <= 0)
            snprintf(expire_time, sizeof(expire_time), "now");