diff options
author | Frediano Ziglio <fziglio@redhat.com> | 2015-09-08 11:58:11 +0100 |
---|---|---|
committer | Frediano Ziglio <fziglio@redhat.com> | 2015-10-06 11:11:10 +0100 |
commit | 0205a6ce63f50af9eda03f14d93b3a2517c42fae (patch) | |
tree | 46a5eb7b8c8e74eeb87396c71d20d488894981d7 | |
parent | 097c638b121e595d9daf79285c447088027a58e2 (diff) |
Define a constant to limit data from guest.
This limit will prevent guest trying to do nasty things and DoS to host.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
-rw-r--r-- | server/red_parse_qxl.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c index 5b1befa..3ffa57b 100644 --- a/server/red_parse_qxl.c +++ b/server/red_parse_qxl.c @@ -21,11 +21,22 @@ #include <stdbool.h> #include <inttypes.h> +#include <glib.h> #include "common/lz_common.h" #include "red_common.h" #include "red_memslots.h" #include "red_parse_qxl.h" +/* Max size in bytes for any data field used in a QXL command. + * This will for example be useful to prevent the guest from saturating the + * host memory if it tries to send overlapping chunks. + * This value should be big enough for all requests but limited + * to 32 bits. Even better if it fits on 31 bits to detect integer overflows. + */ +#define MAX_DATA_CHUNK 0x7ffffffflu + +G_STATIC_ASSERT(MAX_DATA_CHUNK <= G_MAXINT32); + #if 0 static void hexdump_qxl(RedMemSlotInfo *slots, int group_id, QXLPHYSICAL addr, uint8_t bytes) |