rpms / spice-gtk

Clone
Source Code
GIT

Files

  1.   07d9f93a69fd9af22028be2b535cf0b3815f0744
  2.   SOURCES
  3.   0011-spice-uri-Check-if-port-is-in-allowed-range.patch
Blob Blame History Raw 
From fabbac1b93acb2ffd406e30092b0cecdfed04dd7 Mon Sep 17 00:00:00 2001
From: Pavel Grunt <pgrunt@redhat.com>
Date: Wed, 1 Jun 2016 10:04:47 +0200
Subject: [PATCH 11/15] spice-uri: Check if port is in allowed range

Use g_ascii_strtoll because it helps to detect overflow.

Related: rhbz#1335239

Acked-by: Victor Toso <victortoso@redhat.com>
(cherry picked from commit eacbe261d48979f72585225107d00bba76623e8e)
---
 src/spice-uri.c | 8 ++++++--
 tests/uri.c     | 3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/spice-uri.c b/src/spice-uri.c
index ce99f49..51a6d34 100644
--- a/src/spice-uri.c
+++ b/src/spice-uri.c
@@ -141,8 +141,8 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
         uri_port = uriv[1];
 
     if (uri_port != NULL) {
-        char *endptr;
-        guint port = strtoul(uri_port, &endptr, 10);
+        gchar *endptr;
+        gint64 port = g_ascii_strtoll(uri_port, &endptr, 10);
         if (*endptr != '\0') {
             g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
                         "Invalid uri port: %s", uri_port);
@@ -151,6 +151,10 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
             g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Missing uri port");
             goto end;
         }
+        if (port <= 0 || port > 65535) {
+            g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Port out of range");
+            goto end;
+        }
         spice_uri_set_port(self, port);
     }
 
diff --git a/tests/uri.c b/tests/uri.c
index ee3d061..34569ec 100644
--- a/tests/uri.c
+++ b/tests/uri.c
@@ -76,6 +76,9 @@ static void test_spice_uri_ipv4_bad(void)
         {"http://127.0.0.1:port", "http", "127.0.0.1", 3128, NULL, NULL,
           "Invalid uri port: port"},
         {"http://127.0.0.1:", "http", "127.0.0.1", 3128, NULL, NULL, "Missing uri port"},
+        {"http://127.0.0.1:-80", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
+        {"http://127.0.0.1:4294967396", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
+        {"http://127.0.0.1:12345678901234", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
     };
 
     test_spice_uri_bad(invalid_test_cases, G_N_ELEMENTS(invalid_test_cases));
-- 
2.5.5

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation