[Spice-devel] [PATCH spice-xpi] Validate port values

Alon Levy alevy at redhat.com
Tue Apr 3 07:37:21 PDT 2012


On Tue, Apr 03, 2012 at 03:56:12PM +0200, Peter Hatina wrote:
> On 04/03/2012 03:39 PM, Marc-André Lureau wrote:
> > 
> > 
> > ----- Original Message -----
> >>  
> >>  void nsPluginInstance::Connect()
> >>  {
> >> +    const int port = portToInt(m_port);
> >> +    const int sport = portToInt(m_secure_port);
> >> +
> >> +    if (port < 0)
> >> +        LOG_ERROR("invalid port: " << m_port);
> >> +    if (sport < 0)
> >> +        LOG_ERROR("invalid secure port: " << m_secure_port);
> >> +    if (port < 0 && sport < 0)
> >> +        return;
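Review bot: the final `if (port < 0 && sport < 0) return;` only stops when both conversions fail, so with a single bad value Connect() logs an error and carries on, and nothing in the visible lines shows that the failed value is kept out of what is later handed to the client. Either return as soon as one value fails, or make it explicit that the code below uses only the port that converted. Both `LOG_ERROR` branches also fire on any negative result, so a port that was deliberately left unset is reported the same way as a malformed one; documenting what portToInt returns for each case, and logging only the malformed one, would make the error message trustworthy.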
> > 
> > Do we really want to proceed if any of the values is incorrect? I would say no.
> 
> You mean, when there is one of the values valid and the other invalid?
> That's what I was asking on #spice. I do not know if spicec/virt-viewer
> can work only with secure port. With unencrypted port, it works.
> 
> Can anyone competent tell me whether to stop or not?
> 

Marc-Andre, I think it's valid to proceed with a single port as long as
the channels are only allocated to the valid port. Besides, -1 is not
invalid, it just means "don't open this port".

While spice-xpi can't validate that the connection will succeed, since
it doesn't have the list of secure channels (channels that will only be
accepted if the client requests them from the tls port), otherwise the
connection will succeed even if port=0 and tls-port!=0.

> -- 
> Peter Hatina
> EMEA ENG-Desktop Development
> Red Hat Czech, Brno
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
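One way to combine the two positions in this thread, as an added example that is not spice-xpi code: a port string is classified as disabled, valid or malformed, and a connection goes ahead only when nothing is malformed and at least one port is usable. All names are hypothetical, and treating an empty string and "0" as "disabled" alongside "-1" is an assumption.

```cpp
#include <cerrno>
#include <cstdlib>
#include <iostream>
#include <string>

// Hypothetical types and names; this is not the plugin's portToInt().
enum class PortState { Disabled, Valid, Invalid };

struct ParsedPort {
    PortState state;
    int value;  // meaningful only when state == Valid
};

// "-1" means "don't open this port" (per the reply above); "" and "0"
// are treated the same way here as an assumption. Anything else must be
// a plain decimal number in 1..65535.
ParsedPort parse_port(const std::string &s)
{
    if (s.empty() || s == "-1" || s == "0")
        return {PortState::Disabled, -1};
    // strtol would silently accept leading whitespace or a sign: reject both.
    if (s[0] < '0' || s[0] > '9')
        return {PortState::Invalid, -1};
    errno = 0;
    char *end = nullptr;
    const long v = std::strtol(s.c_str(), &end, 10);
    // Trailing garbage, overflow, or an out-of-range value is malformed.
    if (errno != 0 || *end != '\0' || v < 1 || v > 65535)
        return {PortState::Invalid, -1};
    return {PortState::Valid, static_cast<int>(v)};
}

// Refuse when either value is malformed; otherwise one usable port is enough.
bool should_connect(const std::string &port, const std::string &sport)
{
    const ParsedPort p = parse_port(port);
    const ParsedPort sp = parse_port(sport);
    if (p.state == PortState::Invalid || sp.state == PortState::Invalid)
        return false;
    return p.state == PortState::Valid || sp.state == PortState::Valid;
}

int main()
{
    // Constructed sample inputs.
    std::cout << should_connect("5900", "-1") << '\n';   // plain port only
    std::cout << should_connect("-1", "-1") << '\n';     // nothing to open
    std::cout << should_connect("5900", "59x1") << '\n'; // malformed secure port
    return 0;
}
```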

