From 247209c1f1c6a41d9fe0532ae17f19ae1cdcc2f7 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Tue, 8 Sep 2015 11:58:11 +0100 Subject: [PATCH 41/57] Define a constant to limit data from guest. This limit will prevent guest trying to do nasty things and DoS to host. Signed-off-by: Frediano Ziglio --- server/red_parse_qxl.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c index 6c0b065..4449f2c 100644 --- a/server/red_parse_qxl.c +++ b/server/red_parse_qxl.c @@ -21,11 +21,22 @@ #include #include +#include #include "common/lz_common.h" #include "red_common.h" #include "red_memslots.h" #include "red_parse_qxl.h" +/* Max size in bytes for any data field used in a QXL command. + * This will for example be useful to prevent the guest from saturating the + * host memory if it tries to send overlapping chunks. + * This value should be big enough for all requests but limited + * to 32 bits. Even better if it fits on 31 bits to detect integer overflows. + */ +#define MAX_DATA_CHUNK 0x7ffffffflu + +G_STATIC_ASSERT(MAX_DATA_CHUNK <= G_MAXINT32); + #if 0 static void hexdump_qxl(RedMemSlotInfo *slots, int group_id, QXLPHYSICAL addr, uint8_t bytes) -- 2.4.3