diff options
author | Peter Hatina <phatina@redhat.com> | 2012-07-11 12:59:05 +0200 |
---|---|---|
committer | Peter Hatina <phatina@redhat.com> | 2012-07-16 08:44:29 +0200 |
commit | 3dc14c2c7a113553c5dc78cee36d084466fd312f (patch) | |
tree | 9c39f51291667be7b56a6392733621a63f1f0f08 | |
parent | 858796a39805ef8075cd8bebf5dc85ec4b3d0cdf (diff) |
validate tcp port values
-rw-r--r-- | SpiceXPI/src/plugin/plugin.cpp | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/SpiceXPI/src/plugin/plugin.cpp b/SpiceXPI/src/plugin/plugin.cpp index b7f61ba..cb4bc8e 100644 --- a/SpiceXPI/src/plugin/plugin.cpp +++ b/SpiceXPI/src/plugin/plugin.cpp @@ -106,6 +106,18 @@ namespace { return dest; } + + // helper function for tcp/udp range conversion and validation + static int portToInt(const std::string &port) + { + errno = 0; + char *end; + const long int min = 0; + const long int max = 65535; + long int conv = strtol(port.c_str(), &end, 10); + return (errno || *end != '\0' || end == port.c_str() || conv < min || conv > max) + ? -1 : static_cast<int>(conv); + } } #ifdef NPAPI_USE_CONSTCHARS @@ -581,6 +593,19 @@ void nsPluginInstance::SendStr(uint32_t id, std::string str) void nsPluginInstance::Connect() { + const int port = portToInt(m_port); + const int sport = portToInt(m_secure_port); + if (port < 0) + g_warning("invalid port: '%s'", m_port.c_str()); + if (sport < 0) + g_warning("invalid secure port: '%s'", m_secure_port.c_str()); + if (port <= 0 && sport <= 0) + { + m_connected_status = 1; + CallOnDisconnected(m_connected_status); + return; + } + std::string socket_file(m_tmp_dir); socket_file += "/spice-xpi"; if (setenv("SPICE_XPI_SOCKET", socket_file.c_str(), 1)) @@ -678,8 +703,10 @@ void nsPluginInstance::Connect() SendInit(); SendStr(CONTROLLER_HOST, m_host_ip); - SendValue(CONTROLLER_PORT, atoi(m_port.c_str())); - SendValue(CONTROLLER_SPORT, atoi(m_secure_port.c_str())); + if (port > 0) + SendValue(CONTROLLER_PORT, port); + if (sport > 0) + SendValue(CONTROLLER_SPORT, sport); SendValue(CONTROLLER_FULL_SCREEN, (m_fullscreen == PR_TRUE ? CONTROLLER_SET_FULL_SCREEN : 0) | (m_admin_console == PR_FALSE ? CONTROLLER_AUTO_DISPLAY_RES : 0)); |