[vdagent-win PATCH] Prevent possible future buffer overflow

Frediano Ziglio <fziglio@xxxxxxxxxx> · Wed, 26 Jul 2017 08:21:04 +0100

event_type should come only with specific values but
this in theory can change in the future.
To prevent overflows (just for logging) check value size
against lookup array.

Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
---
 vdservice/vdservice.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vdservice/vdservice.cpp b/vdservice/vdservice.cpp
index 329f9c2..ec6243e 100644
--- a/vdservice/vdservice.cpp
+++ b/vdservice/vdservice.cpp
@@ -284,7 +284,8 @@ DWORD WINAPI VDService::control_handler(DWORD control, DWORD event_type, LPVOID
         break;
     case SERVICE_CONTROL_SESSIONCHANGE: {
         DWORD session_id = ((WTSSESSION_NOTIFICATION*)event_data)->dwSessionId;
-        vd_printf("Session %lu %s", session_id, session_events[event_type]);
+        vd_printf("Session %lu %s", session_id,
+                  event_type < ARRAYSIZE(session_events) ? session_events[event_type]: "unknown");
         SetServiceStatus(s->_status_handle, &s->_status);
         if (event_type == WTS_CONSOLE_CONNECT) {
             s->_session_id = session_id;
-- 
2.13.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel







