[Spice-devel] [PATCH spice-xpi] Validate port values
Peter Hatina
phatina at redhat.com
Tue Apr 3 06:35:11 PDT 2012
---
SpiceXPI/src/plugin/plugin.cpp | 32 ++++++++++++++++++++++++++++++--
1 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/SpiceXPI/src/plugin/plugin.cpp b/SpiceXPI/src/plugin/plugin.cpp
index de7afd0..19f7716 100644
--- a/SpiceXPI/src/plugin/plugin.cpp
+++ b/SpiceXPI/src/plugin/plugin.cpp
@@ -104,6 +104,22 @@ namespace {
return dest;
}
+
+ // helper function for tcp/udp range conversion and validation
+ static int portToInt(const std::string &port)
+ {
+ if (port.empty())
+ return -1;
+
+ char *end;
+ long int conv = strtol(port.c_str(), &end, 10);
+ if (*end != '\0')
+ return -1;
+ if (conv < 0 || conv > 65535)
+ return -1;
+
+ return static_cast<int>(conv);
+ }
}
#ifdef NPAPI_USE_CONSTCHARS
@@ -608,6 +624,16 @@ void nsPluginInstance::SendWStr(uint32_t id, const wchar_t *str)
void nsPluginInstance::Connect()
{
+ const int port = portToInt(m_port);
+ const int sport = portToInt(m_secure_port);
+
+ if (port < 0)
+ LOG_ERROR("invalid port: " << m_port);
+ if (sport < 0)
+ LOG_ERROR("invalid secure port: " << m_secure_port);
+ if (port < 0 && sport < 0)
+ return;
+
std::string socket_file(m_tmp_dir);
socket_file += "/spice-xpi";
if (setenv("SPICE_XPI_SOCKET", socket_file.c_str(), 1))
@@ -707,8 +733,10 @@ void nsPluginInstance::Connect()
LOG_INFO("Initiating connection with controller");
SendInit();
SendStr(CONTROLLER_HOST, m_host_ip.c_str());
- SendValue(CONTROLLER_PORT, atoi(m_port.c_str()));
- SendValue(CONTROLLER_SPORT, atoi(m_secure_port.c_str()));
+ if (port >= 0)
+ SendValue(CONTROLLER_PORT, port);
+ if (sport >= 0)
+ SendValue(CONTROLLER_SPORT, sport);
SendValue(CONTROLLER_FULL_SCREEN,
(m_fullscreen == PR_TRUE ? CONTROLLER_SET_FULL_SCREEN : 0) |
(m_admin_console == PR_FALSE ? CONTROLLER_AUTO_DISPLAY_RES : 0));
--
1.7.1
More information about the Spice-devel
mailing list