From 24505953605d401b14f6df5e6f7b8a8ae86c0cdc Mon Sep 17 00:00:00 2001 From: Zachary Amsden Date: Thu, 3 Feb 2011 15:46:49 -0200 Subject: [PATCH 27/28] Fix CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication RH-Author: Zachary Amsden Message-id: <4D4ACDE9.20300@redhat.com> Patchwork-id: 17636 O-Subject: Re: [virt-devel] [RHEL 6.1 qemu PATCH] Fix CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication Bugzilla: 667976 CVE: CVE-2011-0011 RH-Acked-by: Alex Williamson RH-Acked-by: Petr Matousek RH-Acked-by: Daniel P. Berrange From ab677787bfc5b5c169f573564f6dc1cfaf631bbe Mon Sep 17 00:00:00 2001 From: Zachary Amsden Date: Thu, 3 Feb 2011 10:15:35 -0500 Subject: [PATCH] VNC authentication error VNC authentication should not be disabled by clearing the password; if configured, it should remain enabled. Signed-off-by: Zachary Amsden --- vnc.c | 5 ----- 1 files changed, 0 insertions(+), 5 deletions(-) Signed-off-by: Luiz Capitulino --- vnc.c | 5 ----- 1 files changed, 0 insertions(+), 5 deletions(-) diff --git a/vnc.c b/vnc.c index eae12ce..0f19af3 100644 --- a/vnc.c +++ b/vnc.c @@ -2528,11 +2528,6 @@ int vnc_display_password(DisplayState *ds, const char *password) if (password && password[0]) { if (!(vs->password = qemu_strdup(password))) return -1; - if (vs->auth == VNC_AUTH_NONE) { - vs->auth = VNC_AUTH_VNC; - } - } else { - vs->auth = VNC_AUTH_NONE; } return 0; -- 1.7.4.rc1.16.gd2f15e
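Review bot: In the `if (password && password[0])` branch of `vnc_display_password()`, removing the `vs->auth == VNC_AUTH_NONE` promotion along with the `else` reset means the function now returns 0 without ever touching `vs->auth`, and neither resulting state is documented. A caller that supplies a password while the display is still at `VNC_AUTH_NONE` gets a success return although the auth mode is unchanged, and a caller that passes an empty or NULL password gets the same success return with nothing in this hunk saying whether clients are then rejected or admitted. Consider returning an error (or at least logging) when a non-empty password is supplied while `vs->auth == VNC_AUTH_NONE`, so the caller does not assume the display is now protected. Please also add a comment above the `if` stating what an empty password means once VNC auth is configured, since the commit message only says it "should remain enabled".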