Although dispatcher_send_message() does not allow you to send a message
type that is invalid for a dispatcher, it still makes sense to be
defensive in the receiver. Validate that the message type that was read
from the socket is in fact a valid message type for this dispatcher.
---
server/dispatcher.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/server/dispatcher.c b/server/dispatcher.c
index 4e03ea046..965bae8e8 100644
--- a/server/dispatcher.c
+++ b/server/dispatcher.c
@@ -285,6 +285,10 @@ static int dispatcher_handle_single_read(Dispatcher *dispatcher)
/* no messsage */
return 0;
}
+ if (type >= dispatcher->priv->max_message_type) {
+ spice_printerr("Invalid message type for this dispatcher: %u", type);
+ return 0;
+ }
msg = &dispatcher->priv->messages[type];
if (read_safe(dispatcher->priv->recv_fd, payload, msg->size, 1) == -1) {
spice_printerr("error reading from dispatcher: %d", errno);
--
2.13.3
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel