[Spice-devel] [PATCH spice-server 25/30] Avoid possible server crash using websockets
Frediano Ziglio
fziglio at redhat.com
Mon Nov 21 12:52:12 UTC 2016
Currently code don't handle if system can't sent the
header in a single write command.
Don't cause abort but just close the connection.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/websocket.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/server/websocket.c b/server/websocket.c
index d56dc53..69f993a 100644
--- a/server/websocket.c
+++ b/server/websocket.c
@@ -408,7 +408,12 @@ int websocket_writev(RedsWebSocket *ws, const struct iovec *iov, int iovcnt)
}
rc -= header_len;
- spice_assert(rc >= 0);
+ /* TODO this in theory can happen if we can't write the header */
+ if (SPICE_UNLIKELY(rc < 0)) {
+ ws->closed = TRUE;
+ errno = EPIPE;
+ return -1;
+ }
/* Key point: if we did not write out all the data, remember how
much more data the client is expecting, and write that data without
--
2.7.4
More information about the Spice-devel
mailing list