[Spice-devel] [PATCH usbredir] usbredirserver: reject empty vendor id in cmd line
Frediano Ziglio
fziglio at redhat.com
Tue Nov 28 11:11:23 UTC 2017
>
> At 2017-11-28 18:49:54, "Frediano Ziglio" <fziglio at redhat.com> wrote:
> >>
> >> At 2017-11-28 18:27:54, "Frediano Ziglio" <fziglio at redhat.com> wrote:
> >> >>
> >> >> From: Chen Hanxiao <chenhanxiao at gmail.com>
> >> >>
> >> >> Vendor ID 0000 is not a valid ID [1]
> >> >> But we could pass it from cmd:
> >> >> usbredirserver :abcd
> >> >> or
> >> >> usbredirserver 0000:abcd
> >> >>
> >> >> Which will pass a 0000 vendor id to usbredirserver.
> [snip]
>
> >> >
> >> >Maybe you want something like
> >> >
> >> > if (*endptr != ':' || usbvendor <= 0 || usbvendor > 0xffff) {
> >> >
> >> >similar for usbproduct.
> >>
> >> We don't need to check for usbvendor < 0, for we don't have long options
> >> for usbvendor:usbproduct.
> >> So I don't know how to pass a negative value to it.
> >>
> >
> >Well, try "81234567:-123" :-)
>
> As:
> https://github.com/chenhanxiao/usbredir/blob/master/usbredirserver/usbredirserver.c#L246-L249
>
> It will fail at:
> if (*endptr != '-') { //may get ':' here
>
>
> Regards,
> - Chen
>
Yes, you are right, everything containing "-" is parsed as BUS-ADDR; however,
you can have strings like "81234567:123" that will still trigger an overflow
and possibly weird things like "123--123" or " -123- 12345678901".
It depends on how strict you want to be and how nasty the user wants to be.
> >
> >>
> >> The check for <= 0xffff looks reasonable.
> >>
> >> Regards,
> >> - Chen
> >
> >Frediano
>
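A strict parser for the vendor:product argument discussed in this thread, as an added example that is not part of the original messages or of the usbredir source. The function names are hypothetical; it applies the suggested range check to both IDs, as the reply proposes, and rejects the odd strings quoted above.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse one 16-bit hex field of `s` that must end at
 * `term`. Returns a pointer to the terminator, or NULL if it is malformed. */
static const char *parse_id16(const char *s, char term, int *out)
{
    char *endptr;
    long v;
    /* strtol() silently skips whitespace and accepts '+'/'-' or "0x",
     * so require a hex digit first and refuse the "0x" prefix. */
    if (!isxdigit((unsigned char)s[0]) || s[1] == 'x' || s[1] == 'X')
        return NULL;
    errno = 0;
    v = strtol(s, &endptr, 16);
    /* ERANGE covers values past LONG_MAX; the range test covers values that
     * fit a long but not 16 bits (e.g. 81234567), and the invalid ID 0. */
    if (errno == ERANGE || *endptr != term || v <= 0 || v > 0xffff)
        return NULL;
    *out = (int)v;
    return endptr;
}

/* Hypothetical entry point: returns 0 and fills both IDs for a well-formed
 * "vendor:product" argument, -1 otherwise. */
int parse_vendor_product(const char *arg, int *vendor, int *product)
{
    const char *p = parse_id16(arg, ':', vendor);

    if (p == NULL)
        return -1;
    /* p points at ':'; the product must run to the end of the string. */
    return parse_id16(p + 1, '\0', product) ? 0 : -1;
}

int main(void)
{
    /* Constructed inputs, including the strings quoted in the thread. */
    const char *args[] = { "1234:abcd", ":abcd", "0000:abcd", "81234567:123",
                           "123--123", " -123- 12345678901" };
    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        int v, p;
        printf("%-22s -> %s\n", args[i],
               parse_vendor_product(args[i], &v, &p) == 0 ? "ok" : "rejected");
    }
    return 0;
}
```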