Define a constant to limit data from guest.

This limit will prevent guest trying to do nasty things and DoS to host. Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
author: Frediano Ziglio <fziglio@redhat.com> 2015-09-08 11:58:11 +0100
committer: Frediano Ziglio <fziglio@redhat.com> 2015-10-06 11:11:10 +0100
commit: 0205a6ce63f50af9eda03f14d93b3a2517c42fae (patch)
tree: 46a5eb7b8c8e74eeb87396c71d20d488894981d7
parent: 097c638b121e595d9daf79285c447088027a58e2 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c
index 5b1befa..3ffa57b 100644
--- a/server/red_parse_qxl.c
+++ b/server/red_parse_qxl.c
@@ -21,11 +21,22 @@
 
 #include <stdbool.h>
 #include <inttypes.h>
+#include <glib.h>
 #include "common/lz_common.h"
 #include "red_common.h"
 #include "red_memslots.h"
 #include "red_parse_qxl.h"
 
+/* Max size in bytes for any data field used in a QXL command.
+ * This will for example be useful to prevent the guest from saturating the
+ * host memory if it tries to send overlapping chunks.
+ * This value should be big enough for all requests but limited
+ * to 32 bits. Even better if it fits on 31 bits to detect integer overflows.
+ */
+#define MAX_DATA_CHUNK 0x7ffffffflu
+
+G_STATIC_ASSERT(MAX_DATA_CHUNK <= G_MAXINT32);
+
 #if 0
 static void hexdump_qxl(RedMemSlotInfo *slots, int group_id,
                         QXLPHYSICAL addr, uint8_t bytes)
author	Frediano Ziglio <fziglio@redhat.com>	2015-09-08 11:58:11 +0100
committer	Frediano Ziglio <fziglio@redhat.com>	2015-10-06 11:11:10 +0100
commit	0205a6ce63f50af9eda03f14d93b3a2517c42fae (patch)
tree	46a5eb7b8c8e74eeb87396c71d20d488894981d7
parent	097c638b121e595d9daf79285c447088027a58e2 (diff)