Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 149043 Details for
Bug 230295
CVE-2007-0998 HVM guest VNC server allows compromise of entire host OS by any VNC console user
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch to remove QEMU monitor access from the VNC server
xen-remove-vnc-monitor.patch (text/plain), 2.99 KB, created by
Daniel Berrangé
on 2007-03-01 19:19:21 UTC
(
hide
)
Description:
Patch to remove QEMU monitor access from the VNC server
Filename:
MIME Type:
Creator:
Daniel Berrangé
Created:
2007-03-01 19:19:21 UTC
Size:
2.99 KB
patch
obsolete
>diff -rup xen-3.0.3_0-src-orig/tools/ioemu/vnc.c xen-3.0.3_0-src-new/tools/ioemu/vnc.c >--- xen-3.0.3_0-src-orig/tools/ioemu/vnc.c 2007-02-28 09:56:00.000000000 -0500 >+++ xen-3.0.3_0-src-new/tools/ioemu/vnc.c 2007-02-28 12:50:17.000000000 -0500 >@@ -113,8 +113,6 @@ struct VncState > int visible_w; > int visible_h; > >- int ctl_keys; /* Ctrl+Alt starts calibration */ >- int shift_keys; /* Shift / CapsLock keys */ > }; > > #define DIRTY_PIXEL_BITS 64 >@@ -854,95 +852,16 @@ static void pointer_event(VncState *vs, > > static void do_key_event(VncState *vs, int down, uint32_t sym) > { >+ int keycode; > sym &= 0xFFFF; > >- if (is_graphic_console()) { >- int keycode; >- >- keycode = keysym2scancode(vs->kbd_layout, sym); >- if (keycode & 0x80) >- kbd_put_keycode(0xe0); >- if (down) >- kbd_put_keycode(keycode & 0x7f); >- else >- kbd_put_keycode(keycode | 0x80); >- } else if (down) { >- int qemu_keysym = 0; >- >- if (sym <= 128) { /* normal ascii */ >- int shifted = vs->shift_keys == 1 || vs->shift_keys == 2; >- qemu_keysym = sym; >- if (sym >= 'a' && sym <= 'z' && shifted) >- qemu_keysym -= 'a' - 'A'; >- } else { >- switch (sym) { >- case XK_Up: qemu_keysym = QEMU_KEY_UP; break; >- case XK_Down: qemu_keysym = QEMU_KEY_DOWN; break; >- case XK_Left: qemu_keysym = QEMU_KEY_LEFT; break; >- case XK_Right: qemu_keysym = QEMU_KEY_RIGHT; break; >- case XK_Home: qemu_keysym = QEMU_KEY_HOME; break; >- case XK_End: qemu_keysym = QEMU_KEY_END; break; >- case XK_Page_Up: qemu_keysym = QEMU_KEY_PAGEUP; break; >- case XK_Page_Down: qemu_keysym = QEMU_KEY_PAGEDOWN; break; >- case XK_BackSpace: qemu_keysym = QEMU_KEY_BACKSPACE; break; >- case XK_Delete: qemu_keysym = QEMU_KEY_DELETE; break; >- case XK_Return: >- case XK_Linefeed: qemu_keysym = sym; break; >- default: break; >- } >- } >- if (qemu_keysym != 0) >- kbd_put_keysym(qemu_keysym); >- } >- >- if (down) { >- switch (sym) { >- case XK_Control_L: >- vs->ctl_keys |= 1; >- break; >- >- case XK_Alt_L: >- vs->ctl_keys |= 2; >- break; >- >- case XK_Shift_L: >- vs->shift_keys |= 1; >- break; >- >- default: >- break; >- } >- } else { >- switch (sym) { >- case XK_Control_L: >- vs->ctl_keys &= ~1; >- break; >- >- case XK_Alt_L: >- vs->ctl_keys &= ~2; >- break; >- >- case XK_Shift_L: >- vs->shift_keys &= ~1; >- break; >- >- case XK_Caps_Lock: >- vs->shift_keys ^= 2; >- break; >- >- case XK_1 ... XK_9: >- if ((vs->ctl_keys & 3) != 3) >- break; >- >- console_select(sym - XK_1); >- if (is_graphic_console()) { >- /* tell the vga console to redisplay itself */ >- vga_hw_invalidate(); >- vnc_dpy_update(vs->ds, 0, 0, vs->ds->width, vs->ds->height); >- } >- break; >- } >- } >+ keycode = keysym2scancode(vs->kbd_layout, sym); >+ if (keycode & 0x80) >+ kbd_put_keycode(0xe0); >+ if (down) >+ kbd_put_keycode(keycode & 0x7f); >+ else >+ kbd_put_keycode(keycode | 0x80); > } > > static void key_event(VncState *vs, int down, uint32_t sym)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=149043">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 230295
: 149043