[Spice-devel] [PATCH spice-gtk v3 6/7] spice-uri: Check if port is in allowed range

[Pavel Grunt]

On Fri, 2016-05-20 at 14:50 +0200, Christophe Fergeau wrote:
> On Thu, May 19, 2016 at 06:38:08PM +0200, Pavel Grunt wrote:
> > Related: rhbz#1335239
> > ---
> >  src/spice-uri.c        | 8 ++++++--
> >  tests/test-spice-uri.c | 2 ++
> >  2 files changed, 8 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/spice-uri.c b/src/spice-uri.c
> > index b483374..6a43461 100644
> > --- a/src/spice-uri.c
> > +++ b/src/spice-uri.c
> > @@ -165,8 +165,8 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar
> > *_uri, GError **error)
> >          uri_port = uriv[1];
> >  
> >      if (uri_port != NULL) {
> > -        char *endptr;
> > -        guint port = strtoul(uri_port, &endptr, 10);
> > +        gchar *endptr;
> > +        gint64 port = g_ascii_strtoll(uri_port, &endptr, 10);
> 
> Not sure this is 100% related to this change? but why not

It helps to detect negative values (strtoul "converts" negative number to
positive/treats it as negative w/o the sign?) - I'll mention the reason for
change in the commit log.
> 
> >          if (*endptr != '\0') {
> >              g_set_error(error, SPICE_CLIENT_ERROR,
> > SPICE_CLIENT_ERROR_FAILED,
> >                          "Invalid uri port: %s", uri_port);
> > @@ -175,6 +175,10 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar
> > *_uri, GError **error)
> >              g_set_error(error, SPICE_CLIENT_ERROR,
> > SPICE_CLIENT_ERROR_FAILED, "Missing uri port");
> >              goto end;
> >          }
> > +        if (port < 0 || port > 65535) {
> > +            g_set_error(error, SPICE_CLIENT_ERROR,
> > SPICE_CLIENT_ERROR_FAILED, "Port out of range");
> > +            goto end;
> > +        }
> 
> I'd check for <= 0

Ok, I'll change it.

Thanks

Pavel