[Spice-devel] [PATCH spice-server 14/23] websocket: Avoid possible server crash using websockets
Frediano Ziglio
fziglio at redhat.com
Tue Jun 25 16:11:38 UTC 2019
Currently code don't handle if system can't sent the
header in a single write command.
Don't cause abort but just close the connection.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/websocket.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/server/websocket.c b/server/websocket.c
index dda71f768..6f1581f9c 100644
--- a/server/websocket.c
+++ b/server/websocket.c
@@ -439,7 +439,12 @@ int websocket_writev(RedsWebSocket *ws, const struct iovec *iov, int iovcnt)
}
rc -= header_len;
- spice_assert(rc >= 0);
+ /* TODO this in theory can happen if we can't write the header */
+ if (SPICE_UNLIKELY(rc < 0)) {
+ ws->closed = true;
+ errno = EPIPE;
+ return -1;
+ }
/* Key point: if we did not write out all the data, remember how
much more data the client is expecting, and write that data without
--
2.20.1
More information about the Spice-devel
mailing list