pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-26 14:41:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
474158dfef
spice/server/tests
History
Christophe Fergeau a4a16ac42d memslot: Fix off-by-one error in group/slot boundary check 
RedMemSlotInfo keeps an array of groups, and each group contains an
array of slots. Unfortunately, these checks are off by 1, they check
that the index is greater or equal to the number of elements in the
array, while these arrays are 0 based. The check should only check for
strictly greater than the number of elements.

For the group array, this is not a big issue, as these memslot groups
are created by spice-server users (eg QEMU), and the group ids used to
index that array are also generated by the spice-server user, so it
should not be possible for the guest to set them to arbitrary values.

The slot id is more problematic, as it's calculated from a QXLPHYSICAL
address, and such addresses are usually set by the guest QXL driver, so
the guest can set these to arbitrary values, including malicious values,
which are probably easy to build from the guest PCI configuration.

This patch fixes the arrays bound check, and adds a test case for this.
This fixes CVE-2019-3813.

Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
2019-02-05 14:05:49 +01:00
..
pki tests/pki: Use CA/certificate valid until 2048 and with 2048 bits 2018-12-07 12:31:11 +00:00
valgrind ci: Ignore leak from GnuTLS p11 call 2018-11-16 15:28:32 +00:00
.gitignore tests: Add a small test for red_record_ APIs 2018-11-16 17:39:15 +00:00
base_test.ppm Adding image to be used as "correct" in regression tests 2012-02-14 14:53:47 +02:00
basic-event-loop.c tests: basic-event-loop: Silence debug message 2018-03-13 11:40:50 +01:00
basic-event-loop.h tests: Allow to quit the message loop 2017-09-07 08:54:18 +01:00
Makefile.am tests: Add a small test for red_record_ APIs 2018-11-16 17:39:15 +00:00
meson.build tests: Add a small test for red_record_ APIs 2018-11-16 17:39:15 +00:00
README tests: Update README 2017-09-07 08:54:18 +01:00
regression-test.py test-display-base: Port to Windows 2019-01-03 13:08:17 +00:00
replay.c replay: Port to Windows 2019-01-31 11:03:19 +00:00
stat-test.c Use verify instead of G_STATIC_ASSERT 2017-12-01 22:49:46 +00:00
test-agent-msg-filter.c test-agent-msg-filter: Adjust for recent logging changes 2018-06-28 14:31:22 +01:00
test-channel.c channel: Remove unused 3rd red_channel_register_client_cbs() arg 2018-06-21 17:54:27 +01:00
test-codecs-parsing.c reds: Fix one case parsing invalid codec string 2018-07-03 09:32:20 +01:00
test-display-base.c windows: Do not include headers not available on Windows 2019-01-31 10:48:34 +00:00
test-display-base.h tests: Automatically determine free port to use 2017-09-21 17:32:23 +02:00
test-display-no-ssl.c tests: destroy test object 2017-09-02 08:07:38 +01:00
test-display-resolution-changes.c clang: remove double promotion 2018-01-08 10:20:30 +00:00
test-display-streaming.c Avoid some alignment warnings using clang 2018-01-31 13:35:46 +00:00
test-display-width-stride.c tests: Use GLib memory functions 2017-12-01 22:31:52 +00:00
test-empty-success.c tests: Make test-empty-success automated 2017-09-07 08:54:18 +01:00
test-fail-on-null-core-interface.c tests: Make test-fail-on-null-core-interface an automated test 2017-09-07 08:54:18 +01:00
test-glib-compat.c Fix minor incompatibilities with RHEL6 2017-03-30 10:50:09 +01:00
test-glib-compat.h tests: Add G_PID_FORMAT to glib compat header 2018-07-08 16:24:35 +01:00
test-gst.c Avoid some alignment warnings using clang 2018-01-31 13:35:46 +00:00
test-leaks.c test-leaks: Avoid clashing with test-display-base ports 2018-11-16 16:37:27 +00:00
test-listen.c test-listen: Exclude Unix sockets part under Windows 2019-01-31 10:59:39 +00:00
test-loop.c tests: Normalize test names 2016-11-25 13:52:39 +00:00
test-multiple.py tests: Normalize test names 2016-11-25 13:52:39 +00:00
test-options.c tests: Move some specific GLib compatibility to compatibility file 2017-03-03 16:49:41 +00:00
test-playback.c windows: Do not include headers not available on Windows 2019-01-31 10:48:34 +00:00
test-qxl-parsing.c memslot: Fix off-by-one error in group/slot boundary check 2019-02-05 14:05:49 +01:00
test-record.c tests: Add a small test for red_record_ APIs 2018-11-16 17:39:15 +00:00
test-sasl.c tests: Avoid some possible not initialized warning from Clang 2018-01-31 13:31:40 +00:00
test-stat-file.c tests: Use GLib memory functions 2017-12-01 22:31:52 +00:00
test-stat.c tests: Rename stat-main.c to test-stat.c 2017-09-18 13:50:26 +01:00
test-stream-device.c test-stream-device: Expect the g_log warning about invalid message 2018-08-09 11:28:29 +01:00
test-stream.c test-stream: initialize msg.msg_flags 2017-12-11 10:16:11 +00:00
test-two-servers.c tests: Automatically determine free port to use 2017-09-21 17:32:23 +02:00
test-vdagent.c test-vdagent: Remove useless MIN definition 2017-12-05 10:54:09 +00:00
video-encoders test: Add vp9 support to GStreamer test 2017-04-07 16:45:54 +01:00

README 

What is here
============

This directory will contain a testsuite for the server.

You can run all the tests and use libtool to debug any of them:

libtool --mode=execute gdb test-just-sockets-no-ssl

Overview of tests
=================

test-just-sockets-no-ssl
 A complete server, only provides the main and inputs channels. Doesn't actually produce anything on the channels. Essentially a test of the regular link code (reds.c), good for multiple connect/disconnect tests.

test-empty-success
 tests calling

test-fail-on-null-core-interface
 should abort when run (when spice tries to watch_add)

basic-event-loop.c
 event loop to provide core interface.

Automated tests
===============

test-display-streaming.c
 this test can be used to check regressions. For this, test-display-streaming needs to be called passing --automated-tests as parameter