qemu: Let empty default VNC password work as documented
authorJiri Denemark <jdenemar@redhat.com>
Tue, 28 Jun 2016 12:39:58 +0000 (14:39 +0200)
committerJiri Denemark <jdenemar@redhat.com>
Thu, 30 Jun 2016 08:20:44 +0000 (10:20 +0200)
commitbb848feec0f3f10e92dd8e5231ae7aa89b5598f3
treedd6dde5356d9e394df564ad1b0bc55b79797cec5
parent7371ca5c26a4da6f0a9f2afc5722a139603d6245
qemu: Let empty default VNC password work as documented

CVE-2016-5008

Setting an empty graphics password is documented as a way to disable
VNC/SPICE access, but QEMU does not always behaves like that. VNC would
happily accept the empty password. Let's enforce the behavior by setting
password expiration to "now".

https://bugzilla.redhat.com/show_bug.cgi?id=1180092

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
src/qemu/qemu_hotplug.c