Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
spice.5102
CVE-2016-9578-remote-dos-via-crafted-message.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-9578-remote-dos-via-crafted-message.patch of Package spice.5102
From fb8760d657271f52b357f83615c81bc984a3a197 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio <fziglio@redhat.com> Date: Mon, 28 Nov 2016 13:15:58 +0000 Subject: [PATCH spice-server] Prevent possible DoS attempts during protocol handshake Signed-off-by: Frediano Ziglio <fziglio@redhat.com> --- server/reds.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) Index: spice-0.12.5/server/reds.c =================================================================== --- spice-0.12.5.orig/server/reds.c 2017-02-02 14:04:04.651220543 +0100 +++ spice-0.12.5/server/reds.c 2017-02-02 14:12:48.738422831 +0100 @@ -2056,6 +2056,14 @@ static void reds_handle_read_link_done(v return; } + /* Prevent DoS. Currently we defined only 13 capabilities so here 1 would suffice, + * I expect 1024 to be valid for quite a lot time */ + if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) { + reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); + reds_link_free(link); + return; + } + auth_selection = test_capability(caps, link_mess->num_common_caps, SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION); @@ -2130,7 +2138,8 @@ static void reds_handle_read_header_done reds->peer_minor_version = header->minor_version; - if (header->size < sizeof(SpiceLinkMess)) { + /* the check for 4096 is to avoid clients to attempt DoS to the server */ + if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) { reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); spice_warning("bad size %u", header->size); reds_link_free(link);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor