[Spice-devel] [vdagent-win PATCH] Prevent possible future buffer overflow
Christophe de Dinechin
cdupontd at redhat.com
Wed Jul 26 07:28:35 UTC 2017
> On 26 Jul 2017, at 09:21, Frediano Ziglio <fziglio at redhat.com> wrote:
>
> event_type should come only with specific values but
> this in theory can change in the future.
> To prevent overflows (just for logging) check value size
> against lookup array.
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> vdservice/vdservice.cpp | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/vdservice/vdservice.cpp b/vdservice/vdservice.cpp
> index 329f9c2..ec6243e 100644
> --- a/vdservice/vdservice.cpp
> +++ b/vdservice/vdservice.cpp
> @@ -284,7 +284,8 @@ DWORD WINAPI VDService::control_handler(DWORD control, DWORD event_type, LPVOID
> break;
> case SERVICE_CONTROL_SESSIONCHANGE: {
> DWORD session_id = ((WTSSESSION_NOTIFICATION*)event_data)->dwSessionId;
> - vd_printf("Session %lu %s", session_id, session_events[event_type]);
> + vd_printf("Session %lu %s", session_id,
> + event_type < ARRAYSIZE(session_events) ? session_events[event_type]: "unknown");
> SetServiceStatus(s->_status_handle, &s->_status);
> if (event_type == WTS_CONSOLE_CONNECT) {
> s->_session_id = session_id;
Ack
> --
> 2.13.3
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list