QEMU

VNC/RFB: QEMU reports incorrect name (length)

Bug #1637447 reported by Jakob van Kruijssen on 2016-10-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	Fix Released	Undecided	Unassigned

Bug Description

If the name of a machine (as set with the -name argument) has a length longer than 1024, (RFB) VNC clients will not receive a correct RFB ServerInit message.

I suspect this is the problem:

https://github.com/qemu/qemu/blob/v2.7.0-rc5/ui/vnc.c#L2459

The return value of snprintf is used as the value for the name-length field in the ServerInit message.
This is problematic for names that were truncated to 1024, as the length will now be bigger than the actual name.

I think a quick fix would be to simply report min(size,1024) to the client...

See original description

Tags:

Jakob van Kruijssen (cardamon) on 2016-10-28

description:

updated

Revision history for this message

Daniel Berrange (berrange) wrote on 2016-10-28:

The right fix here is to switch to use g_strdup_printf and avoid a fixed length stack buffer entirely.

Revision history for this message

Thomas Huth (th-huth) wrote on 2017-01-11:

Fix has been committed: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=97efe4f961dcf5a0126

Changed in qemu:
status:	New → Fix Committed

Thomas Huth (th-huth) on 2017-04-24

Changed in qemu:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.