[spice-gtk 2/2] Recheck clipboard size after modifying its data

Christophe Fergeau <cfergeau@xxxxxxxxxx> · Mon, 17 Nov 2014 15:17:32 +0100

SpiceGtkSession::clipboard_received_cb() starts by checking if the
clipboard is empty, or if the length of its data exceeds
'max-clipboard-size'.

Later in that function, the data is modified, and can be shortened
(removal of trailing '\0' or of '\r' for Windows -> linux copy and
paste), or enlarged (addition of '\r' for linux -> Windows c&p).

This commit adds another check that the clipboard length is still valid
(non-0, and not bigger than 'max-clipboard-size') after making these
transformations.
---
 gtk/spice-gtk-session.c | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/gtk/spice-gtk-session.c b/gtk/spice-gtk-session.c
index 26a0ecf..ca32d28 100644
--- a/gtk/spice-gtk-session.c
+++ b/gtk/spice-gtk-session.c
@@ -826,6 +826,24 @@ skip_grab_clipboard:
     return TRUE;
 }
 
+static gboolean check_clipboard_size_limits(SpiceGtkSession *session,
+                                            gint clipboard_len)
+{
+    int max_clipboard;
+
+    g_object_get(session->priv->main, "max-clipboard", &max_clipboard, NULL);
+    if (max_clipboard != -1 && clipboard_len > max_clipboard) {
+        g_warning("discarded clipboard of size %d (max: %d)",
+                  clipboard_len, max_clipboard);
+        return FALSE;
+    } else if (clipboard_len <= 0) {
+        SPICE_DEBUG("discarding empty clipboard");
+        return FALSE;
+    }
+
+    return TRUE;
+}
+
 static void clipboard_received_cb(GtkClipboard *clipboard,
                                   GtkSelectionData *selection_data,
                                   gpointer user_data)
@@ -845,18 +863,12 @@ static void clipboard_received_cb(GtkClipboard *clipboard,
     gchar* name;
     GdkAtom atom;
     int selection;
-    int max_clipboard;
 
     selection = get_selection_from_clipboard(s, clipboard);
     g_return_if_fail(selection != -1);
 
-    g_object_get(s->main, "max-clipboard", &max_clipboard, NULL);
     len = gtk_selection_data_get_length(selection_data);
-    if (max_clipboard != -1 && len > max_clipboard) {
-        g_warning("discarded clipboard of size %d (max: %d)", len, max_clipboard);
-        return;
-    } else if (len <= 0) {
-        SPICE_DEBUG("discarding empty clipboard");
+    if (!check_clipboard_size_limits(self, len)) {
         return;
     } else {
         atom = gtk_selection_data_get_data_type(selection_data);
@@ -902,6 +914,9 @@ static void clipboard_received_cb(GtkClipboard *clipboard,
              */
             len = strlen((const char *)data);
         }
+        if (!check_clipboard_size_limits(self, len)) {
+            return;
+        }
     }
 
     spice_main_clipboard_selection_notify(s->main, selection, type,
-- 
2.1.0

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel








