Two bugs found via the weston journal (issue #92):

1. MD5 rotation index used (j>>2 & 3) for the round number, which cycles every 4 steps instead of every 16. Verified against RFC 1321 test vectors: md5("") was 7a1dce5b... instead of d41d8cd9... — the derived AES key was wrong, so the server decrypted the credentials to garbage. Fixed to j>>4.
2. weston's vnc_handle_auth calls getpwnam(username) and requires pw_uid == weston's own uid before PAM is consulted. We sent an empty username, which fails outright ("VNC: wrong user"). weston runs as root, so send username "root"; the empty password still passes via pam_permit.so on the weston-remote-access service.

Fixes #92

||
|---|---|---|
| assets | ||
| prompts | ||
| src | ||
| Cargo.toml | ||
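
The rotation-index bug from item 1 of the commit message, reproduced as an added example (not the repository's code): a compact RFC 1321 MD5 in Rust where the step-to-round mapping is a parameter, so the `j>>4` and `(j>>2) & 3` variants can be checked against the RFC test vectors. The names `md5_with`, `fixed_round` and `buggy_round` and the 4x4 layout of the shift table are assumptions.

```rust
// Added example, not the repository's code. Per-round left-rotation amounts
// from RFC 1321, laid out as S[round][step & 3] (layout is an assumption).
const S: [[u32; 4]; 4] = [[7, 12, 17, 22], [5, 9, 14, 20], [4, 11, 16, 23], [6, 10, 15, 21]];

fn fixed_round(j: usize) -> usize { j >> 4 }       // advances every 16 steps
fn buggy_round(j: usize) -> usize { (j >> 2) & 3 } // advances every 4 steps

/// MD5 of `msg` as hex; `round_of` picks the row of S for step j (0..64).
fn md5_with(msg: &[u8], round_of: fn(usize) -> usize) -> String {
    let mut h: [u32; 4] = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476];
    // Padding: 0x80, zeros up to 56 mod 64, then the bit length as LE u64.
    let mut data = msg.to_vec();
    data.push(0x80);
    while data.len() % 64 != 56 {
        data.push(0);
    }
    data.extend_from_slice(&((msg.len() as u64) * 8).to_le_bytes());
    for block in data.chunks(64) {
        let m: Vec<u32> = block.chunks(4)
            .map(|w| u32::from_le_bytes([w[0], w[1], w[2], w[3]]))
            .collect();
        let (mut a, mut b, mut c, mut d) = (h[0], h[1], h[2], h[3]);
        for j in 0..64usize {
            let (f, g) = match j >> 4 {
                0 => ((b & c) | (!b & d), j),
                1 => ((d & b) | (!d & c), (5 * j + 1) % 16),
                2 => (b ^ c ^ d, (3 * j + 5) % 16),
                _ => (c ^ (b | !d), (7 * j) % 16),
            };
            // K[j] = floor(|sin(j + 1)| * 2^32), as defined in RFC 1321.
            let k = ((j as f64 + 1.0).sin().abs() * 4294967296.0) as u32;
            let t = a.wrapping_add(f).wrapping_add(k).wrapping_add(m[g]);
            a = d;
            d = c;
            c = b;
            b = b.wrapping_add(t.rotate_left(S[round_of(j)][j & 3]));
        }
        for (hi, v) in h.iter_mut().zip([a, b, c, d]) {
            *hi = hi.wrapping_add(v);
        }
    }
    h.iter().flat_map(|w| w.to_le_bytes()).map(|x| format!("{:02x}", x)).collect()
}

fn main() {
    println!("j>>4      : {}", md5_with(b"", fixed_round));
    println!("(j>>2) & 3: {}", md5_with(b"", buggy_round));
}
```

A digest used for key derivation fails silently when it is wrong, so a known-answer test against the RFC vectors is the check that catches this class of bug before the peer does.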