Browse Source

ui/vnc: Use gcrypto_random_bytes for start_auth_vnc

Use a better interface for random numbers than rand().
Fail gracefully if for some reason we cannot use the crypto system.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
master
Richard Henderson 3 months ago
parent
commit
f7b2502cdc
1 changed files with 11 additions and 11 deletions
  1. 11
    11
      ui/vnc.c

+ 11
- 11
ui/vnc.c View File

@@ -43,6 +43,7 @@
43 43
 #include "crypto/hash.h"
44 44
 #include "crypto/tlscredsanon.h"
45 45
 #include "crypto/tlscredsx509.h"
46
+#include "crypto/random.h"
46 47
 #include "qom/object_interfaces.h"
47 48
 #include "qemu/cutils.h"
48 49
 #include "io/dns-resolver.h"
@@ -2547,16 +2548,6 @@ static void authentication_failed(VncState *vs)
2547 2548
     vnc_client_error(vs);
2548 2549
 }
2549 2550
 
2550
-static void make_challenge(VncState *vs)
2551
-{
2552
-    int i;
2553
-
2554
-    srand(time(NULL)+getpid()+getpid()*987654+rand());
2555
-
2556
-    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2557
-        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2558
-}
2559
-
2560 2551
 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2561 2552
 {
2562 2553
     unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
@@ -2628,7 +2619,16 @@ reject:
2628 2619
 
2629 2620
 void start_auth_vnc(VncState *vs)
2630 2621
 {
2631
-    make_challenge(vs);
2622
+    Error *err = NULL;
2623
+
2624
+    if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2625
+        trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2626
+                            error_get_pretty(err));
2627
+        error_free(err);
2628
+        authentication_failed(vs);
2629
+        return;
2630
+    }
2631
+
2632 2632
     /* Send client a 'random' challenge */
2633 2633
     vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2634 2634
     vnc_flush(vs);

Loading…
Cancel
Save