pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2026-01-03 15:58:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,786 Commits 29 Branches 62 Tags 9.6 MiB
C++ 62%
C 28.6%
Makefile 4%
M4 3%
Meson 0.9%
Other 1.5%
8af6190096
Go to file
Christophe Fergeau 8af6190096 Fix buffer overflow when decrypting client SPICE ticket 
reds_handle_ticket uses a fixed size 'password' buffer for the decrypted
password whose size is SPICE_MAX_PASSWORD_LENGTH. However,
RSA_private_decrypt which we call for the decryption expects the
destination buffer to be at least RSA_size(link->tiTicketing.rsa)
bytes long. On my spice-server build, SPICE_MAX_PASSWORD_LENGTH
is 60 while RSA_size() is 128, so we end up overflowing 'password'
when using long passwords (this was reproduced using the string:
'fullscreen=1proxy=#enter proxy here; e.g spice_proxy = http://[proxy]:[port]'
as a password).

When the overflow occurs, QEMU dies with:
*** stack smashing detected ***: qemu-system-x86_64 terminated

This commit ensures we use a corectly sized 'password' buffer,
and that it's correctly nul-terminated so that we can use strcmp
instead of strncmp. To keep using strncmp, we'd need to figure out
which one of 'password' and 'taTicket.password' is the smaller buffer,
and use that size.

This fixes rhbz#999839
2013-10-30 10:40:50 +01:00
build-aux add git-version-gen and gitlog-to-changelog 2012-10-19 14:15:06 +02:00
client Remove tunneling support 2013-10-28 11:12:27 +01:00
docs docs/Spice_for_newbies.odt: some updates - added copy paste and wan mention, removed vdi_port 2012-01-22 15:13:32 +02:00
m4 Use latest warnings.m4 from gnulib 2013-10-10 11:20:08 +02:00
server Fix buffer overflow when decrypting client SPICE ticket 2013-10-30 10:40:50 +01:00
spice-common@7e8ba10779 Update spice-common 2013-10-07 16:32:06 +02:00
tests tests/migrate.py: add --vdagent 2011-08-23 17:01:14 +03:00
tools Add casts for compatibility purposes 2012-02-14 10:44:49 +02:00
uncrustify_cfg fresh start 2009-10-14 15:06:41 +02:00
.gitignore Don't ignore all of m4/ in .gitignore 2013-10-10 11:17:17 +02:00
.gitmodules Use the spice-common submodule 2012-03-25 18:59:10 +02:00
.mailmap Add recent new committers to AUTHORS file / mailmap 2012-04-25 09:49:29 +01:00
AUTHORS syntax-check: update AUTHORS 2013-07-16 23:37:28 +03:00
autogen.sh Use the spice-common submodule 2012-03-25 18:59:10 +02:00
cfg.mk Add a few more syntax-check exemptions 2012-04-25 09:49:32 +01:00
ChangeLog fresh start 2009-10-14 15:06:41 +02:00
configure.ac Remove tunneling support 2013-10-28 11:12:27 +01:00
COPYING Relicense everything from GPL to LGPL 2.1+ 2010-04-13 22:22:15 +02:00
GNUmakefile Add a 'syntax-check' make target 2012-01-13 18:12:00 +02:00
maint.mk syntax-check: trailing whitespaces -- ignore binary files 2013-07-17 01:59:32 +03:00
Makefile.am add git-version-gen and gitlog-to-changelog 2012-10-19 14:15:06 +02:00
NEWS Release 0.12.4 2013-07-17 18:32:58 +03:00
README Remove tunneling support 2013-10-28 11:12:27 +01:00
spice-server.pc.in spice-server.pc.in: move Requires to Requires.private 2011-10-23 11:26:30 +02:00
TODO.multiclient Remove trailing whitespace from end of lines 2012-01-13 18:11:59 +02:00

README 

   SPICE: Simple Protocol for Independent Computing Environments
   =============================================================

SPICE is a remote display system built for virtual environments which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures.

Installation
------------

The SPICE package uses GNU autotools, so the build install process
follows the standard process documented in the INSTALL file. As a
quick start you can do

  ./configure --prefix=/usr --sysconfdir=/etc \
        --localstatedir=/var --libdir=/usr/lib
  make
  sudo make install

Or to install into a private user specific location

  ./configure --prefix=$HOME/spice
  make
  make install

The following mandatory dependancies are required in order to
build SPICE

    Spice protocol >= 0.9.0
    Celt           >= 0.5.1.1, < 0.6.0
    Pixman         >= 0.17.7
    OpenSSL
    libjpeg
    zlib
    Cyrus-SASL

The following optional dependancies increase the available
functionality

    GE Gui         >= 0.6.0,  < 0.7.0   (GUI app support)
    OpenGL                              (GUI app support)
    Alsa                                (Linux support)
    XRandR         >= 1.2               (X11 support)
    Xinerama       >= 1.0               (X11 support)
    libcacard      >= 0.1.2             (Smartcard support)

Communication
-------------

To communicate with the development team, or to post patches
there is a technical mailing list:

   http://lists.freedesktop.org/mailman/listinfo/spice-devel

There is also a mailing list for new release announcements:

   http://lists.freedesktop.org/archives/spice-announce/

To view known bugs, or report new bugs, in SPICE visit

   https://bugs.freedesktop.org/describecomponents.cgi?product=Spice

Bugs found when using an OS distribution's binary packages should
be reported to the OS vendors' own bug tracker first.

The latest SPICE code can be found in GIT at:

   http://cgit.freedesktop.org/spice/

Licensing
---------

SPICE is provided under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

Please see the COPYING file for the complete LGPLv2+ license
terms, or visit <http://www.gnu.org/licenses/>.

Experimental Features
---------------------
To enable multiple client connections, set:
SPICE_DEBUG_ALLOW_MC=1

-- End of readme