[Spice-devel] [PATCH 1/2] Don't limit spice controller socket name to 50 chars

Christophe Fergeau cfergeau at redhat.com
Tue Mar 20 08:14:07 PDT 2012 

The spice controller socket name used to be hardcoded to
/tmp/SpiceController-%lu.uds and generated using snprintf. A 50 bytes
buffer was enough for that, but this was changed in commit 79fffbf95
because this was predictable and allowed other users on the system
to sniff the browser/client communication.
However, since the name that is used is no longer generated by spicec,
no assumption can be made about its size. Currently, the socket is
created inside the user home directory, which means that if the
user name is too long, spicec will not be able to read the controller
socket name.
This commit directly uses the string from getenv as he name of the
controller socket (on Linux) instead of limiting its size to 50 characters,
which should fix this issue.
This fixes rhbz #804561
---
 client/controller.cpp |   10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/client/controller.cpp b/client/controller.cpp
index 05b4b7f..c89dbb6 100644
--- a/client/controller.cpp
+++ b/client/controller.cpp
@@ -27,9 +27,9 @@
 #include "debug.h"
 #include "platform.h"
 
-#define PIPE_NAME_MAX_LEN 50
 
 #ifdef WIN32
+#define PIPE_NAME_MAX_LEN 50
 #define PIPE_NAME "SpiceController-%lu"
 #endif
 
@@ -38,18 +38,16 @@ Controller::Controller(ControllerInterface *handler)
     , _exclusive (false)
     , _refs (1)
 {
-    char pipe_name[PIPE_NAME_MAX_LEN];
-
     ASSERT(_handler);
 #ifdef WIN32
+    char pipe_name[PIPE_NAME_MAX_LEN];
     snprintf(pipe_name, PIPE_NAME_MAX_LEN, PIPE_NAME, Platform::get_process_id());
 #else
-    const char *p_socket = getenv("SPICE_XPI_SOCKET");
-    if (!p_socket) {
+    const char *pipe_name = getenv("SPICE_XPI_SOCKET");
+    if (!pipe_name) {
         LOG_ERROR("Failed to get a controller connection (SPICE_XPI_SOCKET)");
         throw Exception("Failed to get a controller connection (SPICE_XPI_SOCKET)");
     }
-    strncpy(pipe_name, p_socket, sizeof(pipe_name));
 #endif
     LOG_INFO("Creating a controller connection %s", pipe_name);
     _pipe = NamedPipe::create(pipe_name, *this);
-- 
1.7.7.6

More information about the Spice-devel mailing list