|
 |
84be6c |
From 5324e83bf636b995522088d508e61ba5543777f4 Mon Sep 17 00:00:00 2001
|
|
|
84be6c |
From: Frediano Ziglio <fziglio@redhat.com>
|
|
|
84be6c |
Date: Thu, 19 Mar 2020 06:07:39 +0000
|
|
|
84be6c |
Subject: [PATCH 2/9] channel-main: Check proper size and caps handling
|
|
|
84be6c |
VD_AGENT_FILE_XFER_STATUS_NOT_ENOUGH_SPACE
|
|
|
84be6c |
|
|
|
84be6c |
VDAgentFileXferStatusMessage message can or cannot contain detailed
|
|
|
84be6c |
information attached to it.
|
|
|
84be6c |
Detect this correctly checking capabilities and flags.
|
|
|
84be6c |
This fixes a small buffer overflow reading in case the details are
|
|
|
84be6c |
off the payload.
|
|
|
84be6c |
|
|
|
84be6c |
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
|
|
|
84be6c |
Acked-by: Victor Toso <victortoso@redhat.com>
|
|
|
84be6c |
(cherry picked from commit b13fd0664075c951f5418f5828c0803408ad664d)
|
|
|
84be6c |
---
|
|
|
84be6c |
meson.build | 2 +-
|
|
|
84be6c |
src/channel-main.c | 16 +++++++++++++---
|
|
|
84be6c |
2 files changed, 14 insertions(+), 4 deletions(-)
|
|
|
84be6c |
|
|
|
84be6c |
diff --git a/meson.build b/meson.build
|
|
|
84be6c |
index 995268b..8098989 100644
|
|
|
84be6c |
--- a/meson.build
|
|
|
84be6c |
+++ b/meson.build
|
|
|
84be6c |
@@ -81,7 +81,7 @@ endforeach
|
|
|
84be6c |
#
|
|
|
84be6c |
# check for mandatory dependencies
|
|
|
84be6c |
#
|
|
|
84be6c |
-spice_protocol_version='>= 0.14.1'
|
|
|
84be6c |
+spice_protocol_version='>= 0.14.2'
|
|
|
84be6c |
|
|
|
84be6c |
glib_version = '2.46'
|
|
|
84be6c |
glib_version_info = '>= @0@'.format(glib_version)
|
|
|
84be6c |
diff --git a/src/channel-main.c b/src/channel-main.c
|
|
|
84be6c |
index e89b813..c4fe02b 100644
|
|
|
84be6c |
--- a/src/channel-main.c
|
|
|
84be6c |
+++ b/src/channel-main.c
|
|
|
84be6c |
@@ -1891,6 +1891,7 @@ static void file_xfer_read_async_cb(GObject *source_object,
|
|
|
84be6c |
|
|
|
84be6c |
/* coroutine context */
|
|
|
84be6c |
static void main_agent_handle_xfer_status(SpiceMainChannel *channel,
|
|
|
84be6c |
+ const VDAgentMessage *msg_hdr,
|
|
|
84be6c |
VDAgentFileXferStatusMessage *msg)
|
|
|
84be6c |
{
|
|
|
84be6c |
SpiceFileTransferTask *xfer_task;
|
|
|
84be6c |
@@ -1917,8 +1918,17 @@ static void main_agent_handle_xfer_status(SpiceMainChannel *channel,
|
|
|
84be6c |
_("The spice agent reported an error during the file transfer"));
|
|
|
84be6c |
break;
|
|
|
84be6c |
case VD_AGENT_FILE_XFER_STATUS_NOT_ENOUGH_SPACE: {
|
|
|
84be6c |
- uint64_t *free_space = SPICE_ALIGNED_CAST(uint64_t *, msg->data);
|
|
|
84be6c |
- gchar *free_space_str = g_format_size(*free_space);
|
|
|
84be6c |
+ const VDAgentFileXferStatusNotEnoughSpace *err =
|
|
|
84be6c |
+ (VDAgentFileXferStatusNotEnoughSpace*) msg->data;
|
|
|
84be6c |
+ if (!test_agent_cap(channel, VD_AGENT_CAP_FILE_XFER_DETAILED_ERRORS) ||
|
|
|
84be6c |
+ msg_hdr->size < sizeof(*msg) + sizeof(*err)) {
|
|
|
84be6c |
+ error =
|
|
|
84be6c |
+ g_error_new(SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
|
|
|
84be6c |
+ _("File transfer failed due to lack of free space on remote machine"));
|
|
|
84be6c |
+ break;
|
|
|
84be6c |
+ }
|
|
|
84be6c |
+
|
|
|
84be6c |
+ gchar *free_space_str = g_format_size(err->disk_free_space);
|
|
|
84be6c |
gchar *file_size_str = g_format_size(spice_file_transfer_task_get_total_bytes(xfer_task));
|
|
|
84be6c |
error = g_error_new(SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
|
|
|
84be6c |
_("File transfer failed due to lack of free space on remote machine "
|
|
|
84be6c |
@@ -2110,7 +2120,7 @@ static void main_agent_handle_msg(SpiceChannel *channel,
|
|
|
84be6c |
break;
|
|
|
84be6c |
}
|
|
|
84be6c |
case VD_AGENT_FILE_XFER_STATUS:
|
|
|
84be6c |
- main_agent_handle_xfer_status(self, payload);
|
|
|
84be6c |
+ main_agent_handle_xfer_status(self, msg, payload);
|
|
|
84be6c |
break;
|
|
|
84be6c |
default:
|
|
|
84be6c |
g_warning("unhandled agent message type: %u (%s), size %u",
|
|
|
84be6c |
--
|
|
|
84be6c |
2.26.2
|
|
|
84be6c |
|