|
 |
73b8f2 |
From 247209c1f1c6a41d9fe0532ae17f19ae1cdcc2f7 Mon Sep 17 00:00:00 2001
|
|
|
73b8f2 |
From: Frediano Ziglio <fziglio@redhat.com>
|
|
|
73b8f2 |
Date: Tue, 8 Sep 2015 11:58:11 +0100
|
|
|
73b8f2 |
Subject: [PATCH 41/57] Define a constant to limit data from guest.
|
|
|
73b8f2 |
|
|
|
73b8f2 |
This limit will prevent guest trying to do nasty things and DoS to host.
|
|
|
73b8f2 |
|
|
|
73b8f2 |
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
|
|
|
73b8f2 |
---
|
|
|
73b8f2 |
server/red_parse_qxl.c | 11 +++++++++++
|
|
|
73b8f2 |
1 file changed, 11 insertions(+)
|
|
|
73b8f2 |
|
|
|
73b8f2 |
diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c
|
|
|
73b8f2 |
index 6c0b065..4449f2c 100644
|
|
|
73b8f2 |
--- a/server/red_parse_qxl.c
|
|
|
73b8f2 |
+++ b/server/red_parse_qxl.c
|
|
|
73b8f2 |
@@ -21,11 +21,22 @@
|
|
|
73b8f2 |
|
|
|
73b8f2 |
#include <stdbool.h>
|
|
|
73b8f2 |
#include <inttypes.h>
|
|
|
73b8f2 |
+#include <glib.h>
|
|
|
73b8f2 |
#include "common/lz_common.h"
|
|
|
73b8f2 |
#include "red_common.h"
|
|
|
73b8f2 |
#include "red_memslots.h"
|
|
|
73b8f2 |
#include "red_parse_qxl.h"
|
|
|
73b8f2 |
|
|
|
73b8f2 |
+/* Max size in bytes for any data field used in a QXL command.
|
|
|
73b8f2 |
+ * This will for example be useful to prevent the guest from saturating the
|
|
|
73b8f2 |
+ * host memory if it tries to send overlapping chunks.
|
|
|
73b8f2 |
+ * This value should be big enough for all requests but limited
|
|
|
73b8f2 |
+ * to 32 bits. Even better if it fits on 31 bits to detect integer overflows.
|
|
|
73b8f2 |
+ */
|
|
|
73b8f2 |
+#define MAX_DATA_CHUNK 0x7ffffffflu
|
|
|
73b8f2 |
+
|
|
|
73b8f2 |
+G_STATIC_ASSERT(MAX_DATA_CHUNK <= G_MAXINT32);
|
|
|
73b8f2 |
+
|
|
|
73b8f2 |
#if 0
|
|
|
73b8f2 |
static void hexdump_qxl(RedMemSlotInfo *slots, int group_id,
|
|
|
73b8f2 |
QXLPHYSICAL addr, uint8_t bytes)
|
|
|
73b8f2 |
--
|
|
|
73b8f2 |
2.4.3
|
|
|
73b8f2 |
|