[Spice-devel] [PATCH spice-gtk] proto: Remove support for SPICE version 1

Fri Sep 28 08:23:28 UTC 2018

> 
> Hi,
> 
> On Fri, Sep 28, 2018 at 09:05:45AM +0100, Frediano Ziglio wrote:
> > SPICE version 2 was introduced more than 8 years ago.
> > RHEL 6 already removed support for version 1 in the server.
> > 
> > Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> 
> Acked-by: Victor Toso <victortoso at redhat.com>
> 
> > ---
> >  src/spice-channel.c      | 17 ++---------------
> >  subprojects/spice-common |  2 +-
> >  2 files changed, 3 insertions(+), 16 deletions(-)
> > 
> > diff --git a/src/spice-channel.c b/src/spice-channel.c
> > index 7de12980..2aa0826d 100644
> > --- a/src/spice-channel.c
> > +++ b/src/spice-channel.c
> > @@ -1315,11 +1315,8 @@ static void spice_channel_send_link(SpiceChannel
> > *channel)
> >      g_object_get(c->session, "protocol", &protocol, NULL);
> >      switch (protocol) {
> >      case 1: /* protocol 1 == major 1, old 0.4 protocol, last active minor
> >      */
> > -        c->link_hdr.major_version = 1;
> > -        c->link_hdr.minor_version = 3;
> > -        c->parser = spice_get_server_channel_parser1(c->channel_type,
> > NULL);
> > -        c->marshallers = spice_message_marshallers_get1();
> > -        break;
> > +        g_critical("deprecated major %d", protocol);
> > +        return;

This now should never be reachable as nobody should set protocol
to 1, unless the client specifically do so.

> >      case SPICE_VERSION_MAJOR: /* protocol 2 == current */
> >          c->link_hdr.major_version = SPICE_VERSION_MAJOR;
> >          c->link_hdr.minor_version = SPICE_VERSION_MINOR;
> > @@ -1410,16 +1407,6 @@ static gboolean
> > spice_channel_recv_link_hdr(SpiceChannel *channel)
> >      return TRUE;
> >  
> >  error:
> > -    /* Windows socket seems to give early CONNRESET errors. The server
> > -       does not linger when closing the socket if the protocol is
> > -       incompatible. Try with the oldest protocol in this case: */
> > -    if (c->link_hdr.major_version != 1) {
> > -        SPICE_DEBUG("%s: error, switching to protocol 1 (spice 0.4)",
> > c->name);
> > -        c->state = SPICE_CHANNEL_STATE_RECONNECTING;
> > -        g_object_set(c->session, "protocol", 1, NULL);
> > -        return FALSE;
> > -    }
> > -

This potentially is removing a downgrade attack, would require some
digging to confirm, but surely now is not a problem.

> >      c->event = SPICE_CHANNEL_ERROR_LINK;
> >      return FALSE;
> >  }
> > diff --git a/subprojects/spice-common b/subprojects/spice-common
> > index bb15d481..7d165366 160000
> > --- a/subprojects/spice-common
> > +++ b/subprojects/spice-common
> > @@ -1 +1 @@
> > -Subproject commit bb15d4815ab586b4c4a20f4a565970a44824c42c
> > +Subproject commit 7d16536672a5f2a0f61c6b4279d45b509e957dfb
> 
> In a different commit maybe?
> 
> Victor
> 

They are related, as spice-common will contain the commit to remove
the same support.

Frediano