[Spice-devel] [PATCH v2 spice-gtk 1/3] spice-session/spice_uri_parse: fail if a key is seen twice
Alon Levy
alevy at redhat.com
Tue Jan 3 08:52:44 PST 2012
---
gtk/spice-session.c | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index a2fa550..b640e06 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -241,6 +241,8 @@ static int spice_uri_parse(SpiceSession *session, const char *original_uri)
SpiceSessionPrivate *s = SPICE_SESSION_GET_PRIVATE(session);
char host[128], key[32], value[128];
char *port = NULL, *tls_port = NULL, *uri = NULL, *password = NULL;
+ char **target_key;
+ int punctuation = 0;
int len, pos = 0;
g_return_val_if_fail(original_uri != NULL, -1);
@@ -258,6 +260,7 @@ static int spice_uri_parse(SpiceSession *session, const char *original_uri)
for (;;) {
if (uri[pos] == '?' || uri[pos] == ';' || uri[pos] == '&') {
pos++;
+ punctuation++;
continue;
}
if (uri[pos] == 0) {
@@ -266,17 +269,25 @@ static int spice_uri_parse(SpiceSession *session, const char *original_uri)
if (sscanf(uri + pos, "%31[-a-zA-Z0-9]=%127[^;&]%n", key, value, &len) != 2)
goto fail;
pos += len;
+ target_key = NULL;
if (g_str_equal(key, "port")) {
- port = g_strdup(value);
+ target_key = &port;
} else if (g_str_equal(key, "tls-port")) {
- tls_port = g_strdup(value);
+ target_key = &tls_port;
} else if (g_str_equal(key, "password")) {
- password = g_strdup(value);
+ target_key = &password;
g_warning("password may be visible in process listings");
} else {
g_warning("unknown key in spice URI parsing: %s", key);
goto fail;
}
+ if (target_key) {
+ if (*target_key) {
+ g_warning("double set of %s", key);
+ goto fail;
+ }
+ *target_key = g_strdup(value);
+ }
}
if (port == NULL && tls_port == NULL) {
--
1.7.8.1
More information about the Spice-devel
mailing list