openSUSE:Maintenance:9106
File CVE-2016-9578-remote-dos-via-crafted-message.patch of Package spice.openSUSE_Leap_42.3_Update
From fb8760d657271f52b357f83615c81bc984a3a197 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio <fziglio@redhat.com> Date: Mon, 28 Nov 2016 13:15:58 +0000 Subject: [PATCH spice-server] Prevent possible DoS attempts during protocol handshake Signed-off-by: Frediano Ziglio <fziglio@redhat.com> --- server/reds.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) Index: spice-0.12.7/server/reds.c =================================================================== --- spice-0.12.7.orig/server/reds.c 2016-04-14 17:09:22.000000000 +0200 +++ spice-0.12.7/server/reds.c 2017-02-02 12:21:06.346289634 +0100 @@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(v link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps); link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps); + /* Prevent DoS. Currently we defined only 13 capabilities so here 1 would suffice, + * I expect 1024 to be valid for quite a lot time */ + if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) { + reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); + reds_link_free(link); + return; + } + num_caps = link_mess->num_common_caps + link_mess->num_channel_caps; caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset); @@ -2202,7 +2210,8 @@ static void reds_handle_read_header_done reds->peer_minor_version = header->minor_version; - if (header->size < sizeof(SpiceLinkMess)) { + /* the check for 4096 is to avoid clients to attempt DoS to the server */ + if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) { reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); spice_warning("bad size %u", header->size); reds_link_free(link);
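Review bot: the new early return in reds_handle_read_link_done rejects the link silently, while the size check in reds_handle_read_header_done logs `spice_warning("bad size %u", header->size)` before freeing the link. Add a matching spice_warning that prints num_channel_caps and num_common_caps, so a rejected handshake is visible in the server log and can be told apart from other SPICE_LINK_ERR_INVALID_DATA failures. The literal 1024 also appears twice in the condition; a named constant with the rationale from the comment (13 capabilities defined today, so one 32-bit word would suffice) would keep the two comparisons in sync. The visible context then uses link_mess->caps_offset to compute caps; it is worth confirming that caps_offset and num_caps are checked against the received message size before caps is read, since that check is not part of this hunk.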
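Review bot: the upper bound 4096 in the header->size check of reds_handle_read_header_done is an unexplained literal and is not tied to the 1024 per-field capability limits added in reds_handle_read_link_done. caps is read as uint32_t, so 1024 words for one field alone would already occupy 4096 bytes; if the capability words are carried inside the header->size bytes, the size limit is the tighter of the two and the 1024 limits can never be reached. Consider defining one named maximum for the link message size and deriving the capability limit from it, or documenting why the two values differ. The comment wording could also be tightened, for example "reject oversized link messages so a client cannot force a large allocation", if that is the resource being protected.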