[Spice-devel] [PATCH spice-server 14/23] websocket: Avoid possible server crash using websockets

Frediano Ziglio fziglio at redhat.com
Tue Jun 25 16:11:38 UTC 2019


Currently the code doesn't handle the case where the system can't send the
header in a single write command.
Don't cause an abort but just close the connection.

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
 server/websocket.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/server/websocket.c b/server/websocket.c
index dda71f768..6f1581f9c 100644
--- a/server/websocket.c
+++ b/server/websocket.c
@@ -439,7 +439,12 @@ int websocket_writev(RedsWebSocket *ws, const struct iovec *iov, int iovcnt)
     }
     rc -= header_len;
 
-    spice_assert(rc >= 0);
+    /* TODO this in theory can happen if we can't write the header */
+    if (SPICE_UNLIKELY(rc < 0)) {
+        ws->closed = true;
+        errno = EPIPE;
+        return -1;
+    }
 
     /* Key point:  if we did not write out all the data, remember how
        much more data the client is expecting, and write that data without
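Review bot: the TODO on the new `if (SPICE_UNLIKELY(rc < 0))` branch does not say what remains to be done, and the branch treats a short write of the header as a fatal error. After `rc -= header_len`, a negative `rc` means fewer than `header_len` bytes were written, which can be an ordinary partial write rather than a peer disconnect, so `errno = EPIPE` may mislead a caller that logs or branches on errno. Dropping the `spice_assert` removes the abort path named in the subject line, which is the right direction. Consider either keeping the unsent header bytes in `ws` and finishing them on the next call, or rewording the comment to state that a partially sent header leaves the frame stream unrecoverable and that this is why the connection is closed.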
-- 
2.20.1


