looks good, ack
On Mon, Nov 17, 2014 at 3:17 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote:
> SpiceGtkSession::clipboard_received_cb() starts by checking if the
> clipboard is empty, or if the length of its data exceeds
> 'max-clipboard-size'.
>
> Later in that function, the data is modified, and can be shortened
> (removal of trailing '\0' or of '\r' for Windows -> linux copy and
> paste), or enlarged (addition of '\r' for linux -> Windows c&p).
>
> This commit adds another check that the clipboard length is still valid
> (non-0, and not bigger than 'max-clipboard-size') after making these
> transformations.
> ---
> gtk/spice-gtk-session.c | 29 ++++++++++++++++++++++-------
> 1 file changed, 22 insertions(+), 7 deletions(-)
>
> diff --git a/gtk/spice-gtk-session.c b/gtk/spice-gtk-session.c
> index 26a0ecf..ca32d28 100644
> --- a/gtk/spice-gtk-session.c
> +++ b/gtk/spice-gtk-session.c
> @@ -826,6 +826,24 @@ skip_grab_clipboard:
> return TRUE;
> }
>
> +static gboolean check_clipboard_size_limits(SpiceGtkSession *session,
> + gint clipboard_len)
> +{
> + int max_clipboard;
> +
> + g_object_get(session->priv->main, "max-clipboard", &max_clipboard, NULL);
> + if (max_clipboard != -1 && clipboard_len > max_clipboard) {
> + g_warning("discarded clipboard of size %d (max: %d)",
> + clipboard_len, max_clipboard);
> + return FALSE;
> + } else if (clipboard_len <= 0) {
> + SPICE_DEBUG("discarding empty clipboard");
> + return FALSE;
> + }
> +
> + return TRUE;
> +}
> +
> static void clipboard_received_cb(GtkClipboard *clipboard,
> GtkSelectionData *selection_data,
> gpointer user_data)
> @@ -845,18 +863,12 @@ static void clipboard_received_cb(GtkClipboard *clipboard,
> gchar* name;
> GdkAtom atom;
> int selection;
> - int max_clipboard;
>
> selection = get_selection_from_clipboard(s, clipboard);
> g_return_if_fail(selection != -1);
>
> - g_object_get(s->main, "max-clipboard", &max_clipboard, NULL);
> len = gtk_selection_data_get_length(selection_data);
> - if (max_clipboard != -1 && len > max_clipboard) {
> - g_warning("discarded clipboard of size %d (max: %d)", len, max_clipboard);
> - return;
> - } else if (len <= 0) {
> - SPICE_DEBUG("discarding empty clipboard");
> + if (!check_clipboard_size_limits(self, len)) {
> return;
> } else {
> atom = gtk_selection_data_get_data_type(selection_data);
> @@ -902,6 +914,9 @@ static void clipboard_received_cb(GtkClipboard *clipboard,
> */
> len = strlen((const char *)data);
> }
> + if (!check_clipboard_size_limits(self, len)) {
> + return;
> + }
> }
>
> spice_main_clipboard_selection_notify(s->main, selection, type,
> --
> 2.1.0
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
--
Marc-André Lureau
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel