pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-31 11:28:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

main-channel: Prevent overflow reading messages from client

Browse Source 
Caller is supposed the function return a buffer able to store
size bytes.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
This commit is contained in:
Frediano Ziglio 2016-11-29 16:46:56 +00:00
parent f66dc64363
commit 5f96b59635
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/main_channel.c
View File

@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
return reds_get_agent_data_buffer(mcc, size);
} else if (size > sizeof(main_chan->recv_buf)) {
/* message too large, caller will log a message and close the connection */
return NULL;
} else {
return main_chan->recv_buf;
}