On Wed, Jul 11, 2012 at 01:03:28PM +0200, Peter Hatina wrote: > Hi, > > I had a request to validate TCP port values in spice-xpi, so > does this make sense for you? > > More info at https://bugzilla.redhat.com/show_bug.cgi?id=805602 > > --- > SpiceXPI/src/plugin/plugin.cpp | 27 +++++++++++++++++++++++++-- > 1 file changed, 25 insertions(+), 2 deletions(-) > > diff --git a/SpiceXPI/src/plugin/plugin.cpp b/SpiceXPI/src/plugin/plugin.cpp > index b7f61ba..4aac37e 100644 > --- a/SpiceXPI/src/plugin/plugin.cpp > +++ b/SpiceXPI/src/plugin/plugin.cpp > @@ -106,6 +106,18 @@ namespace { > > return dest; > } > + > + // helper function for tcp/udp range conversion and validation > + static int portToInt(const std::string &port) > + { > + errno = 0; > + char *end; > + const long int min = 0; > + const long int max = 65535; > + long int conv = strtol(port.c_str(), &end, 10); > + return (errno || *end != '\0' || end == port.c_str() || conv < min || conv > max) > + ? -1 : static_cast<int>(conv); > + } > } > > #ifdef NPAPI_USE_CONSTCHARS > @@ -581,6 +593,15 @@ void nsPluginInstance::SendStr(uint32_t id, std::string str) > > void nsPluginInstance::Connect() > { > + const int port = portToInt(m_port); > + const int sport = portToInt(m_secure_port); > + if (port <= 0) > + g_warning("invalid port: '%s'", m_port.c_str()); > + if (sport <= 0) > + g_warning("invalid secure port: '%s'", m_secure_port.c_str()); > + if (port <= 0 && sport <= 0) > + return; > + 0 should mean "turned off", so it should be a valid value to pass to spice-xpi and in CONTROLLER_PORT and CONTROLLER_SPORT. spice-gtk should not listen to the specific port that is 0 (and it doesn't). > std::string socket_file(m_tmp_dir); > socket_file += "/spice-xpi"; > if (setenv("SPICE_XPI_SOCKET", socket_file.c_str(), 1)) > @@ -678,8 +699,10 @@ void nsPluginInstance::Connect() > > SendInit(); > SendStr(CONTROLLER_HOST, m_host_ip); > - SendValue(CONTROLLER_PORT, atoi(m_port.c_str())); > - SendValue(CONTROLLER_SPORT, atoi(m_secure_port.c_str())); > + if (port > 0) > + SendValue(CONTROLLER_PORT, port); > + if (sport > 0) > + SendValue(CONTROLLER_SPORT, sport); > SendValue(CONTROLLER_FULL_SCREEN, > (m_fullscreen == PR_TRUE ? CONTROLLER_SET_FULL_SCREEN : 0) | > (m_admin_console == PR_FALSE ? CONTROLLER_AUTO_DISPLAY_RES : 0)); > -- > Peter Hatina > EMEA ENG-Desktop Development > Red Hat Czech, Brno > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > http://lists.freedesktop.org/mailman/listinfo/spice-devel _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel