Skip to content

Commit 7af9b2b

Browse files
chhitzchhitz
committed
handle failure in encrypt_rfbdes() in callers
1 parent 042a816 commit 7af9b2b

File tree

2 files changed

+29
-8
lines changed

2 files changed

+29
-8
lines changed

src/common/vncauth.c

Lines changed: 20 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,10 @@ rfbEncryptAndStorePasswd(char *passwd, char *fname)
102102

103103
/* Do encryption in-place - this way we overwrite our copy of the plaintext
104104
password */
105-
encrypt_rfbdes(encryptedPasswd, &out_len, fixedkey, encryptedPasswd, sizeof(encryptedPasswd));
105+
if (encrypt_rfbdes(encryptedPasswd, &out_len, fixedkey, encryptedPasswd, sizeof(encryptedPasswd)) == 0) {
106+
fclose(fp);
107+
return 1;
108+
}
106109

107110
for (i = 0; i < 8; i++) {
108111
putc(encryptedPasswd[i], fp);
@@ -180,7 +183,7 @@ rfbRandomBytes(unsigned char *bytes)
180183
* Encrypt CHALLENGESIZE bytes in memory using a password.
181184
*/
182185

183-
void
186+
int
184187
rfbEncryptBytes(unsigned char *bytes, char *passwd)
185188
{
186189
unsigned char key[8];
@@ -197,19 +200,30 @@ rfbEncryptBytes(unsigned char *bytes, char *passwd)
197200
}
198201
}
199202

200-
encrypt_rfbdes(bytes, &out_len, key, bytes, CHALLENGESIZE);
203+
if (encrypt_rfbdes(bytes, &out_len, key, bytes, CHALLENGESIZE) == 0) {
204+
fclose(fp);
205+
return 1;
206+
}
207+
return 0;
201208
}
202209

203-
void
210+
int
204211
rfbEncryptBytes2(unsigned char *where, const int length, unsigned char *key) {
205212
int i, j, out_len;
206213
for (i = 0; i< 8; i++)
207214
where[i] ^= key[i];
208-
encrypt_rfbdes(where, &out_len, key, where, 8);
215+
if (encrypt_rfbdes(where, &out_len, key, where, 8) == 0) {
216+
fclose(fp);
217+
return 1;
218+
}
209219
for (i = 8; i < length; i += 8) {
210220
for (j = 0; j < 8; j++) {
211221
where[i + j] ^= where[i + j - 8];
212222
}
213-
encrypt_rfbdes(where + i, &out_len, key, where + i, 8);
223+
if (encrypt_rfbdes(where + i, &out_len, key, where + i, 8) == 0) {
224+
fclose(fp);
225+
return 1;
226+
}
214227
}
228+
return 0;
215229
}

src/libvncserver/main.c

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -792,7 +792,11 @@ static rfbBool rfbDefaultPasswordCheck(rfbClientPtr cl,const char* response,int
792792
return(FALSE);
793793
}
794794

795-
rfbEncryptBytes(cl->authChallenge, passwd);
795+
if (rfbEncryptBytes(cl->authChallenge, passwd) != 0) {
796+
rfbErr("Encryption failed\n");
797+
free(passwd);
798+
return(FALSE);
799+
}
796800

797801
/* Lose the password from memory */
798802
for (i = strlen(passwd); i >= 0; i--) {
@@ -820,7 +824,10 @@ rfbBool rfbCheckPasswordByList(rfbClientPtr cl,const char* response,int len)
820824
for(passwds=(char**)cl->screen->authPasswdData;*passwds;passwds++,i++) {
821825
uint8_t auth_tmp[CHALLENGESIZE];
822826
memcpy((char *)auth_tmp, (char *)cl->authChallenge, CHALLENGESIZE);
823-
rfbEncryptBytes(auth_tmp, *passwds);
827+
if (rfbEncryptBytes(auth_tmp, *passwds) != 0) {
828+
rfbErr("Encryption failed\n");
829+
return(FALSE);
830+
}
824831

825832
if (memcmp(auth_tmp, response, len) == 0) {
826833
if(i>=cl->screen->authPasswdFirstViewOnly)

0 commit comments

Comments
 (0)