Contents of /trunk/tigervnc/patches/tigervnc-1.0.90-CVE-2011-1775.patch
Parent Directory | Revision Log
Revision 1524 -
(show annotations)
(download)
Thu Sep 8 21:58:14 2011 UTC (13 years ago) by niro
File size: 789 byte(s)
Thu Sep 8 21:58:14 2011 UTC (13 years ago) by niro
File size: 789 byte(s)
added fedora patches
1 | Index: common/rfb/CSecurityTLS.cxx |
2 | =================================================================== |
3 | --- common/rfb/CSecurityTLS.cxx (revision 4399) |
4 | +++ common/rfb/CSecurityTLS.cxx (revision 4400) |
5 | @@ -171,8 +171,15 @@ |
6 | if (!is->checkNoWait(1)) |
7 | return false; |
8 | |
9 | - if (is->readU8() == 0) |
10 | - return true; |
11 | + if (is->readU8() == 0) { |
12 | + rdr::U32 result = is->readU32(); |
13 | + CharArray reason; |
14 | + if (result == secResultFailed || result == secResultTooMany) |
15 | + reason.buf = is->readString(); |
16 | + else |
17 | + reason.buf = strDup("Authentication failure (protocol error)"); |
18 | + throw AuthFailureException(reason.buf); |
19 | + } |
20 | |
21 | if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS) |
22 | throw AuthFailureException("gnutls_init failed"); |