[Spice-devel] [PATCH 13/13] server/inputs: return NULL on alloc_buf request for too large message
Alon Levy
alevy at redhat.com
Tue Dec 7 04:44:35 PST 2010
---
server/inputs_channel.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/server/inputs_channel.c b/server/inputs_channel.c
index de62bfe..e53a634 100644
--- a/server/inputs_channel.c
+++ b/server/inputs_channel.c
@@ -157,6 +157,10 @@ static uint8_t *inputs_channel_alloc_msg_rcv_buf(RedChannel *channel, SpiceDataH
{
InputsChannel *inputs_channel = SPICE_CONTAINEROF(channel, InputsChannel, base);
+ if (msg_header->size > RECEIVE_BUF_SIZE) {
+ red_printf("error: too large incoming message");
+ return NULL;
+ }
return inputs_channel->recv_buf;
}
--
1.7.3.2
More information about the Spice-devel
mailing list