[Spice-devel] [PATCH spice-gtk v3 6/7] spice-uri: Check if port is in allowed range
Pavel Grunt
pgrunt at redhat.com
Thu May 19 16:38:08 UTC 2016
Related: rhbz#1335239
---
src/spice-uri.c | 8 ++++++--
tests/test-spice-uri.c | 2 ++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/spice-uri.c b/src/spice-uri.c
index b483374..6a43461 100644
--- a/src/spice-uri.c
+++ b/src/spice-uri.c
@@ -165,8 +165,8 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
uri_port = uriv[1];
if (uri_port != NULL) {
- char *endptr;
- guint port = strtoul(uri_port, &endptr, 10);
+ gchar *endptr;
+ gint64 port = g_ascii_strtoll(uri_port, &endptr, 10);
if (*endptr != '\0') {
g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
"Invalid uri port: %s", uri_port);
@@ -175,6 +175,10 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Missing uri port");
goto end;
}
+ if (port < 0 || port > 65535) {
+ g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Port out of range");
+ goto end;
+ }
spice_uri_set_port(self, port);
}
diff --git a/tests/test-spice-uri.c b/tests/test-spice-uri.c
index 42c9aad..c32a343 100644
--- a/tests/test-spice-uri.c
+++ b/tests/test-spice-uri.c
@@ -35,6 +35,8 @@ static void test_spice_uri_ipv4(void)
{"http://", "http", NULL, 3128, NULL, NULL},
{"http://127.0.0.1:port", "http", "127.0.0.1", 3128, NULL, NULL}, /* invalid port */
{"http://127.0.0.1:", "http", "127.0.0.1", 3128, NULL, NULL},
+ {"http://127.0.0.1:-80", "http", "127.0.0.1", 3128, NULL, NULL},
+ {"http://127.0.0.1:8000000", "http", "127.0.0.1", 3128, NULL, NULL},
};
const struct test_case valid_test_cases[] = {
{"http://user:password@host:80", "http", "host", 80, "user", "password"},
--
2.8.2
More information about the Spice-devel
mailing list