[Spice-devel] [PATCH spice-gtk v3 6/7] spice-uri: Check if port is in allowed range
Pavel Grunt
pgrunt at redhat.com
Fri May 20 09:16:46 UTC 2016
On Fri, 2016-05-20 at 10:36 +0200, Victor Toso wrote:
> Hi,
>
> On Thu, May 19, 2016 at 06:38:08PM +0200, Pavel Grunt wrote:
> > Related: rhbz#1335239
> > ---
> > src/spice-uri.c | 8 ++++++--
> > tests/test-spice-uri.c | 2 ++
> > 2 files changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/src/spice-uri.c b/src/spice-uri.c
> > index b483374..6a43461 100644
> > --- a/src/spice-uri.c
> > +++ b/src/spice-uri.c
> > @@ -165,8 +165,8 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar
> > *_uri, GError **error)
> > uri_port = uriv[1];
> >
> > if (uri_port != NULL) {
> > - char *endptr;
> > - guint port = strtoul(uri_port, &endptr, 10);
> > + gchar *endptr;
> > + gint64 port = g_ascii_strtoll(uri_port, &endptr, 10);
> > if (*endptr != '\0') {
> > g_set_error(error, SPICE_CLIENT_ERROR,
> > SPICE_CLIENT_ERROR_FAILED,
> > "Invalid uri port: %s", uri_port);
> > @@ -175,6 +175,10 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar
> > *_uri, GError **error)
> > g_set_error(error, SPICE_CLIENT_ERROR,
> > SPICE_CLIENT_ERROR_FAILED, "Missing uri port");
> > goto end;
> > }
> > + if (port < 0 || port > 65535) {
> > + g_set_error(error, SPICE_CLIENT_ERROR,
> > SPICE_CLIENT_ERROR_FAILED, "Port out of range");
> > + goto end;
> > + }
> > spice_uri_set_port(self, port);
> > }
> >
> > diff --git a/tests/test-spice-uri.c b/tests/test-spice-uri.c
> > index 42c9aad..c32a343 100644
> > --- a/tests/test-spice-uri.c
> > +++ b/tests/test-spice-uri.c
> > @@ -35,6 +35,8 @@ static void test_spice_uri_ipv4(void)
> > {"http://", "http", NULL, 3128, NULL, NULL},
> > {"http://127.0.0.1:port", "http", "127.0.0.1", 3128, NULL, NULL},
> > /* invalid port */
> > {"http://127.0.0.1:", "http", "127.0.0.1", 3128, NULL, NULL},
> > + {"http://127.0.0.1:-80", "http", "127.0.0.1", 3128, NULL, NULL},
> > + {"http://127.0.0.1:8000000", "http", "127.0.0.1", 3128, NULL,
> > NULL},
> > };
> > const struct test_case valid_test_cases[] = {
> > {"http://user:password@host:80", "http", "host", 80, "user",
> > "password"},
>
> Looks good. You might want to include test to check the error you have
> included.
Check for the error message ? Code/domain is the same.
I will add it.
Thanks,
Pavel
>
> Acked-by: Victor Toso <victortoso at redhat.com>
>
> > --
> > 2.8.2
> >
> > _______________________________________________
> > Spice-devel mailing list
> > Spice-devel at lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list