[Spice-devel] [PATCH spice-server 3/3] Dispatcher: validate received message types
Jonathon Jongsma
jjongsma at redhat.com
Fri Sep 1 18:52:45 UTC 2017
Although dispatcher_send_message() does not allow you to send a message
type that is invalid for a dispatcher, it still makes sense to be
defensive in the receiver. Validate that the message type that was read
from the socket is in fact a valid message type for this dispatcher.
---
server/dispatcher.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/server/dispatcher.c b/server/dispatcher.c
index 4e03ea046..965bae8e8 100644
--- a/server/dispatcher.c
+++ b/server/dispatcher.c
@@ -285,6 +285,10 @@ static int dispatcher_handle_single_read(Dispatcher *dispatcher)
/* no messsage */
return 0;
}
+ if (type >= dispatcher->priv->max_message_type) {
+ spice_printerr("Invalid message type for this dispatcher: %u", type);
+ return 0;
+ }
msg = &dispatcher->priv->messages[type];
if (read_safe(dispatcher->priv->recv_fd, payload, msg->size, 1) == -1) {
spice_printerr("error reading from dispatcher: %d", errno);
--
2.13.3
More information about the Spice-devel
mailing list