On Wed, May 04, 2011 at 10:51:06PM -0400, Brian Hinz wrote:
> I think that I just stumbled onto a possible security vulnerability in
> CSecurityTLS.  It seems as though CSecurityTLS::processMsg returns true
> before the handshake has completed (possibly due to the "if (is.readU8() ==
> 0)" test on line 174).  In the case of secTypes like x509plain, the user is
> prompted for a username and password (meaning the client is processing phase
> 2 of the security stack) before the certificate has been verified.  I
> noticed this while testing a known bad certificate - presumably this means
> that the username & password are sent in the clear since the TLS handshake
> never completes.

Thanks for spotting this. The server should send 0, if he can't start the 
handshake - so it
is still possible to sent the error messages back to the client.

The problem is, that a malicus server could send 0 and then authentification
succeded. It is caused by the fact, the I reused the common code for returing 
error message.

A solution can be, that the error fetching code from 
is inlined in CSecurityTLS::processMsg, like the following (untested):

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 6028792..17ed93c 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -171,8 +171,15 @@ bool CSecurityTLS::processMsg(CConnection* cc)
     if (!is->checkNoWait(1))
       return false;
-    if (is->readU8() == 0)
-      return true;
+    if (is->readU8() == 0) {
+      int result = is->readU32();
+      CharArray reason;
+      if (result == secResultFailed || result == secResultTooMany)
+        reason.buf = is->readString();
+      else
+        reason.buf = strDup("Authentication failure (protocol error)");
+      throw AuthFailureException(reason.buf);
+    }
     if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_init failed");

Martin K?gler

WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
Tigervnc-devel mailing list

Reply via email to