On Thu, May 05, 2011 at 07:01:49AM -0400, Brian Hinz wrote:
> Wouldn't this (also untested) work as well, and have the advantage of
> relying on gnutls to verify that the handshake was completed?
>
> diff -Nr -C 6 rfb.unix/CSecurityTLS.cxx.bak rfb.unix/CSecurityTLS.cxx
> *** rfb.unix/CSecurityTLS.cxx.bak 2011-05-05 06:54:11.018963720 -0400
> --- rfb.unix/CSecurityTLS.cxx 2011-05-05 06:55:24.826533250 -0400
> ***************
> *** 168,182 ****
> initGlobal();
>
> if (!session) {
> if (!is->checkNoWait(1))
> return false;
>
> - if (is->readU8() == 0)
> - return true;
> -
> if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
> throw AuthFailureException("gnutls_init failed");
>
> if (gnutls_set_default_priority(session) != GNUTLS_E_SUCCESS)
> throw AuthFailureException("gnutls_set_default_priority failed");
>
> --- 168,179 ----
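Review bot: With the `if (is->readU8() == 0) return true;` check dropped from this block, the `is->checkNoWait(1)` guard above it still waits for one byte to become available, but nothing in the block consumes that byte before `gnutls_init()`, so it is left on the raw stream for the handshake to read as TLS data. If the check is to move, the byte should still be read here (or the `checkNoWait(1)` guard removed together with it) so the status the server sends before the handshake is not fed to gnutls.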
> ***************
> *** 197,208 ****
> --- 194,208 ----
> if (err != GNUTLS_E_SUCCESS) {
> vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err));
> shutdown(false);
> throw AuthFailureException("TLS Handshake failed");
> }
>
> + if (is->readU8() == 0)
> + return true;
> +
> checkSession();
>
> cc->setStreams(fis = new rdr::TLSInStream(is, session),
> fos = new rdr::TLSOutStream(os, session));
>
> return true;
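Review bot: The moved `is->readU8()` in this hunk reads from the raw `is` stream after the TLS handshake has completed, not from the `TLSInStream` that is only created in the `setStreams` call below it, so a byte the server sends at that point inside the TLS channel cannot be read this way; in addition the early `return true` on 0 skips `checkSession()` and `setStreams()` and leaves `session` initialised without the `shutdown(false)` the handshake error path above performs. Either read the status through the TLS stream after `setStreams`, or keep the plaintext flag before the handshake and call `shutdown(false)` on the early return.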
The readU8 is a flag sent by the server to signal to the client that it
can't start the handshake and therefore has to send the error back as plaintext
(e.g. because it can't read the certificate).
You are proposing a different protocol, which doesn't allow returning an error
message before the handshake has completed.
Regards,
Martin Kögler
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
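The ordering point made in the reply above, as an added example that is not TigerVNC code and not part of the original thread: a client that reads the server's one-byte status flag before starting TLS can still receive a plaintext error, while a client that starts the handshake first hands that flag byte to the TLS layer. The byte streams, the plaintext error framing (u32 length plus text) and the stand-in `fake_tls_handshake` are all constructed for the example; the only real protocol fact relied on is that every TLS record, including the server's first handshake record, begins with a content-type byte of 0x16.

```python
"""Why the pre-handshake status byte must be consumed before gnutls_handshake().

Added example, not TigerVNC code. All framing and data below are constructed;
only the TLS record content-type byte (0x16 = handshake) is real.
"""
import io
import struct

TLS_HANDSHAKE = 0x16  # TLS record content type for handshake messages


class HandshakeError(Exception):
    pass


def fake_tls_handshake(stream):
    """Stand-in for gnutls_handshake(): reads one record from the raw socket
    and fails unless it starts with a TLS handshake record header (assumed
    simplification of what the real library would reject)."""
    hdr = stream.read(5)
    if len(hdr) < 5 or hdr[0] != TLS_HANDSHAKE:
        raise HandshakeError("TLS Handshake failed: unexpected data %r" % hdr)
    (length,) = struct.unpack("!H", hdr[3:5])
    stream.read(length)  # consume the record body


def read_u8(stream):
    b = stream.read(1)
    if not b:
        raise EOFError("connection closed")
    return b[0]


def read_plaintext_reason(stream):
    """Constructed framing for the plaintext error: u32 length + UTF-8 text."""
    (n,) = struct.unpack("!I", stream.read(4))
    return stream.read(n).decode()


def client_flag_first(stream):
    """Ordering of the current code: read the flag, then handshake."""
    if read_u8(stream) == 0:
        return ("plaintext-error", read_plaintext_reason(stream))
    fake_tls_handshake(stream)
    return ("tls-established", None)


def client_handshake_first(stream):
    """Ordering proposed in the quoted patch: handshake, then read the flag."""
    fake_tls_handshake(stream)
    if read_u8(stream) == 0:
        return ("plaintext-error", read_plaintext_reason(stream))
    return ("tls-established", None)


def server_failure_bytes(reason):
    """Constructed: flag 0 followed by a plaintext reason."""
    r = reason.encode()
    return b"\x00" + struct.pack("!I", len(r)) + r


def server_success_bytes():
    """Constructed: flag 1 followed by a minimal fake TLS handshake record."""
    body = b"\x02\x00\x00\x00"  # placeholder ServerHello body
    record = bytes([TLS_HANDSHAKE, 3, 1]) + struct.pack("!H", len(body)) + body
    return b"\x01" + record


def run_demo():
    """Run both client orderings against both server behaviours."""
    results = {}
    clients = (("flag-first", client_flag_first),
               ("handshake-first", client_handshake_first))
    servers = (("failure", server_failure_bytes("cannot load server certificate")),
               ("success", server_success_bytes()))
    for cname, client in clients:
        for sname, data in servers:
            try:
                results[(cname, sname)] = client(io.BytesIO(data))
            except HandshakeError as e:
                results[(cname, sname)] = ("handshake-error", str(e))
    return results


if __name__ == "__main__":
    for key, value in sorted(run_demo().items()):
        print(key, "->", value)
```

With the flag read first, the client sees the server's plaintext reason in the failure case and completes the handshake in the success case; with the handshake first, the flag byte (0 or 1) is the first thing the TLS layer reads, so both cases end in a handshake error and the plaintext reason is never reached.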