pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-26 22:48:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

main-channel: Prevent overflow reading messages from client

Browse Source 
Caller is supposed the function return a buffer able to store
size bytes.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
This commit is contained in:
Frediano Ziglio 2016-11-29 16:46:56 +00:00
parent e16eee1d8b
commit 1d3e26c0ee
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/main-channel.c
View File

@ -258,6 +258,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
return reds_get_agent_data_buffer(red_channel_get_server(channel), mcc, size);
} else if (size > sizeof(main_chan->recv_buf)) {
/* message too large, caller will log a message and close the connection */
return NULL;
} else {
return main_chan->recv_buf;
}