VNC/RFB: QEMU reports incorrect name (length)

Bug #1637447 reported by Jakob van Kruijssen
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Fix Released
Undecided
Unassigned

Bug Description

If the name of a machine (as set with the -name argument) has a length longer than 1024, (RFB) VNC clients will not receive a correct RFB ServerInit message.

I suspect this is the problem:

https://github.com/qemu/qemu/blob/v2.7.0-rc5/ui/vnc.c#L2459

The return value of snprintf is used as the value for the name-length field in the ServerInit message.
This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.

I think a quick fix would be to simply report min(size,1024) to the client...

Tags: rfb vnc
description: updated
Revision history for this message
Daniel Berrange (berrange) wrote :

The right fix here is to switch to use g_strdup_printf and avoid a fixed length stack buffer entirely.

Revision history for this message
Thomas Huth (th-huth) wrote :
Changed in qemu:
status: New → Fix Committed
Thomas Huth (th-huth)
Changed in qemu:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.