
Re: [Qemu-devel] [PATCH v2 07/14] ui/vnc: Use qcrypto_random_bytes for m


From: Richard Henderson
Subject: Re: [Qemu-devel] [PATCH v2 07/14] ui/vnc: Use qcrypto_random_bytes for make_challenge
Date: Thu, 14 Mar 2019 15:27:22 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

On 3/14/19 2:43 PM, Philippe Mathieu-Daudé wrote:
> On 3/14/19 4:39 PM, Daniel P. Berrangé wrote:
>> On Wed, Mar 13, 2019 at 09:55:19PM -0700, Richard Henderson wrote:
>>>  static void make_challenge(VncState *vs)
>>>  {
>>> -    int i;
>>> -
>>> -    srand(time(NULL)+getpid()+getpid()*987654+rand());
>>> -
>>> -    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
>>> -        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
>>> +    qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), 
>>> &error_fatal);
>>>  }
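Review bot: Passing &error_fatal to qcrypto_random_bytes() in make_challenge() means a random-source failure while building one client's VNC challenge terminates the whole QEMU process, where the removed srand()/rand() loop could not fail at all. Suggest giving make_challenge() an Error **errp parameter and a return value, propagating the failure, and having the caller close that client's connection without ever sending vs->challenge.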
>>
>> Old code would not fail, but the new code can. So make_challenge needs
>> to return an error to the caller, which must then drop the client conn.
> 
> Is the old code equivalent to using a NULL errp?
> 
>   qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), NULL);

No, since it doesn't initialize challenge to anything.
Daniel is right that I must do more to fail the session.
Will be done in v3.


r~
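The fail-closed handling discussed in this thread, as an added example that is not part of the original messages and is not QEMU code: the challenge is filled only when the random source succeeds, and on failure the caller drops that one client instead of exiting or continuing with an unfilled buffer. The names `struct client`, `rng_fn`, `rng_urandom`, `rng_broken`, `start_auth` and the 16-byte `CHALLENGE_SIZE` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHALLENGE_SIZE 16 /* assumed size of the challenge buffer */
/* Hypothetical stand-ins for illustration; these are not QEMU's types. */
typedef int (*rng_fn)(uint8_t *buf, size_t len); /* 0 = ok, -1 = failed */
struct client { uint8_t challenge[CHALLENGE_SIZE]; bool connected; };

/* Kernel CSPRNG via /dev/urandom; reports open and short-read failures. */
int rng_urandom(uint8_t *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Constructed failure case: a random source that is unavailable. */
int rng_broken(uint8_t *buf, size_t len) { (void)buf; (void)len; return -1; }

/* Fill the challenge, or return -1 and leave it untouched. */
int make_challenge(struct client *c, rng_fn rng)
{
    uint8_t tmp[CHALLENGE_SIZE];
    if (rng(tmp, sizeof(tmp)) < 0) return -1;
    memcpy(c->challenge, tmp, sizeof(tmp));
    return 0;
}

/* Caller: only this client is dropped on failure; the process keeps running. */
bool start_auth(struct client *c, rng_fn rng)
{
    if (make_challenge(c, rng) < 0) {
        c->connected = false; /* never send an unfilled challenge */
        return false;
    }
    return true;
}

int main(void)
{
    struct client a = { .connected = true }, b = { .connected = true };
    printf("urandom: auth %s\n", start_auth(&a, rng_urandom) ? "proceeds" : "dropped");
    printf("broken:  auth %s\n", start_auth(&b, rng_broken) ? "proceeds" : "dropped");
    return 0;
}
```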


