From e45a8b586d19e7eb36f4fa72c2457947e5abb5de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 7 Jun 2016 01:56:21 +0200 Subject: [PATCH 14/15] Explicitly specify size of SpiceMsgSmartcardData Without this, the demarshalling code does not know we expect exactly SpiceMsgSmartcardData::length bytes, and has to guess it from the amount of data which was sent Signed-off-by: Frediano Ziglio Acked-by: Christophe Fergeau --- spice-common/common/generated_client_demarshallers.c | 8 +++++++- spice-common/common/generated_server_marshallers.c | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/spice-common/common/generated_client_demarshallers.c b/spice-common/common/generated_client_demarshallers.c index e1393e7..62ef234 100644 --- a/spice-common/common/generated_client_demarshallers.c +++ b/spice-common/common/generated_client_demarshallers.c @@ -7854,7 +7854,13 @@ static uint8_t * parse_msg_smartcard_data(uint8_t *message_start, uint8_t *messa SpiceMsgSmartcard *out; { /* data */ - data__nelements = message_end - (start + 12); + uint32_t length__value; + pos = start + 8; + if (SPICE_UNLIKELY(pos + 4 > message_end)) { + goto error; + } + length__value = read_uint32(pos); + data__nelements = length__value; data__nw_size = data__nelements; data__mem_size = sizeof(uint8_t) * data__nelements; diff --git a/spice-common/common/generated_server_marshallers.c b/spice-common/common/generated_server_marshallers.c index c00de5e..0f4978d 100644 --- a/spice-common/common/generated_server_marshallers.c +++ b/spice-common/common/generated_server_marshallers.c @@ -1358,7 +1358,7 @@ void spice_marshall_msg_smartcard_data(SPICE_GNUC_UNUSED SpiceMarshaller *m, SPI spice_marshaller_add_uint32(m, src->type); spice_marshaller_add_uint32(m, src->reader_id); spice_marshaller_add_uint32(m, src->length); - /* Remaining data must be appended manually */ + /* Don't marshall @nomarshal data */ } #endif /* USE_SMARTCARD */ -- 2.5.5
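Review bot: Nothing in the parse_msg_smartcard_data hunk checks the wire-supplied `length__value` against the bytes actually received before it becomes `data__nelements`; the only bound shown is that the 4-byte length field itself fits (`pos + 4 > message_end`). The function body continues outside the hunk, so a later total-size check may already reject an oversized length, but that should be confirmed, and it should compare by subtraction so that a large length cannot wrap a pointer sum. If no such check exists, add `if (SPICE_UNLIKELY(length__value > (uint64_t)(message_end - pos - 4))) { goto error; }` right after the `read_uint32(pos)` line. Because this file is generated, the check belongs in the generator that emits it, not only in this output.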