Use g_ascii_strtoll because it helps to detect overflow.
Related: rhbz#1335239
Acked-by: Victor Toso <victortoso@xxxxxxxxxx>
---
 src/spice-uri.c | 8 ++++++--
 tests/uri.c | 3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/spice-uri.c b/src/spice-uri.c
index ea25aaa..7eec6e5 100644
--- a/src/spice-uri.c
+++ b/src/spice-uri.c
@@ -170,8 +170,8 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
 uri_port = uriv[1];
 if (uri_port != NULL) {
- char *endptr;
- guint port = strtoul(uri_port, &endptr, 10);
+ gchar *endptr;
+ gint64 port = g_ascii_strtoll(uri_port, &endptr, 10);
 if (*endptr != '\0') {
 g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Invalid uri port: %s", uri_port);
@@ -180,6 +180,10 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
 g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Missing uri port");
 goto end;
 }
+ if (port <= 0 || port > 65535) {
+ g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Port out of range");
+ goto end;
+ }
 spice_uri_set_port(self, port);
 }
diff --git a/tests/uri.c b/tests/uri.c
index ee3d061..34569ec 100644
--- a/tests/uri.c
+++ b/tests/uri.c
@@ -76,6 +76,9 @@ static void test_spice_uri_ipv4_bad(void)
 {"http://127.0.0.1:port", "http", "127.0.0.1", 3128, NULL, NULL, "Invalid uri port: port"},
 {"http://127.0.0.1:", "http", "127.0.0.1", 3128, NULL, NULL, "Missing uri port"},
+ {"http://127.0.0.1:-80", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
+ {"http://127.0.0.1:4294967396", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
+ {"http://127.0.0.1:12345678901234", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
 };
 test_spice_uri_bad(invalid_test_cases, G_N_ELEMENTS(invalid_test_cases));
-- 2.8.3
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
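Review bot: In the first src/spice-uri.c hunk, `g_ascii_strtoll` parses like strtoll, so it skips leading whitespace and accepts a sign; a port written as `+80` or with a leading space still ends at `'\0'` and is accepted once it passes the range check. If only digits should be valid, a guard such as `if (uri_port[0] != '\0' && !g_ascii_isdigit(uri_port[0]))` ahead of the conversion, reporting "Invalid uri port: %s", would reject those forms. That guard would also change the message the new `-80` test expects, so the test entry would need updating with it. The body of spice_uri_parse starts and ends outside this hunk, so earlier normalisation of `uri_port` cannot be ruled out from here.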
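Review bot: The added `port <= 0 || port > 65535` check in the second src/spice-uri.c hunk is also the only overflow detection. errno is never examined after `g_ascii_strtoll`, so overflowing input is caught only because the saturated G_MININT64/G_MAXINT64 result falls outside 1..65535. A comment above the check would keep a later edit from loosening it, for example `/* Also rejects the G_MININT64/G_MAXINT64 returned on overflow; errno is not checked. */`. The context line `spice_uri_set_port(self, port);` now passes a gint64 where the old code passed a guint (presumably still the parameter type), so writing `(guint)port` there would show the narrowing is intended.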
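Review bot: None of the three cases added to `invalid_test_cases` in tests/uri.c exercises the edges of the new range check or a value that overflows gint64. `4294967396` and `12345678901234` both fit in 64 bits, so the saturating path that the commit message refers to is never taken. Adding `{"http://127.0.0.1:0", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},` plus the same entry for `:65536` and for a port of 20 or more digits would pin both boundaries and the overflow case. The array and test_spice_uri_ipv4_bad begin outside this hunk.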