[Spice-devel] [PATCH spice-server v2 3/7] smartcard: Do not crash if reader_id is invalid
Victor Toso
victortoso at redhat.com
Wed Oct 9 07:51:29 UTC 2019
On Tue, Oct 08, 2019 at 06:39:20PM +0100, Frediano Ziglio wrote:
> Avoid client to trigger crash. The value of smartcard_readers_get
> is checked for NULL so returning it it's not an issue.
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
Nice catch.
Acked-by: Victor Toso <victortoso at redhat.com>
> ---
> server/smartcard.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/server/smartcard.c b/server/smartcard.c
> index 3f51f5298..4c5bba07d 100644
> --- a/server/smartcard.c
> +++ b/server/smartcard.c
> @@ -222,7 +222,9 @@ static int smartcard_char_device_add_to_readers(RedsState *reds, SpiceCharDevice
>
> SpiceCharDeviceInstance *smartcard_readers_get(uint32_t reader_id)
> {
> - spice_assert(reader_id < g_smartcard_readers.num);
> + if (reader_id >= g_smartcard_readers.num) {
> + return NULL;
> + }
> return g_smartcard_readers.sin[reader_id];
> }
>
> --
> 2.21.0
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20191009/c8f49cc9/attachment.sig>
More information about the Spice-devel
mailing list