[PATCH spice-server v2 1/3] Dispatcher: validate received message types

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Although dispatcher_send_message() does not allow you to send a message
type that is invalid for a dispatcher, it still makes sense to verify
that the type is valid in the receiver. This should only be possible in
the case of some severe problem such as memory corruption, so if it is
invalid, we simply abort.

Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx>
---
 server/dispatcher.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/dispatcher.c b/server/dispatcher.c
index 4e03ea046..6f2c4d85e 100644
--- a/server/dispatcher.c
+++ b/server/dispatcher.c
@@ -285,6 +285,10 @@ static int dispatcher_handle_single_read(Dispatcher *dispatcher)
         /* no messsage */
         return 0;
     }
+    if (type >= dispatcher->priv->max_message_type) {
+        spice_error("Invalid message type for this dispatcher: %u", type);
+        return 0;
+    }
     msg = &dispatcher->priv->messages[type];
     if (read_safe(dispatcher->priv->recv_fd, payload, msg->size, 1) == -1) {
         spice_printerr("error reading from dispatcher: %d", errno);
-- 
2.13.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]