import spice-0.14.3-3.el8

This commit is contained in:
CentOS Sources 2020-07-14 01:58:03 +00:00 committed by Andrew Lukoshko
parent 191d4f127c
commit 4dea892412
3 changed files with 82 additions and 2 deletions

View File

@ -0,0 +1,32 @@
From b8f4d7d2c7a3d08a82f4bc7588cdff15cee54292 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Tue, 16 Jun 2020 11:49:19 +0100
Subject: [PATCH] websocket: Fix possible integer overflow
The shift of a uint_8 number by a number > 32 causes an overflow.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <ulublin@redhat.com>
---
server/websocket.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/server/websocket.c b/server/websocket.c
index f5df63f8..82b20b49 100644
--- a/server/websocket.c
+++ b/server/websocket.c
@@ -165,8 +165,9 @@ static uint64_t extract_length(const uint8_t *buf, int *used)
case LENGTH_64BIT:
*used += 8;
outlen = 0;
- for (i = 56; i >= 0; i -= 8) {
- outlen |= (*buf++) << i;
+ for (i = 0; i < 8; ++i) {
+ outlen <<= 8;
+ outlen |= *buf++;
}
break;
--
2.26.2

View File

@ -0,0 +1,41 @@
From 954eabaeb76a0f93a32210b6bf63157ad2c0fb22 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Wed, 17 Jun 2020 11:52:05 +0300
Subject: [PATCH] test-websocket: check setsockopt return value
Acked-by: Frediano Ziglio <fziglio@redhat.com>
---
server/tests/test-websocket.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/server/tests/test-websocket.c b/server/tests/test-websocket.c
index 2115411e..701f5408 100644
--- a/server/tests/test-websocket.c
+++ b/server/tests/test-websocket.c
@@ -146,7 +146,10 @@ main(int argc, char **argv)
}
int enable = 1;
- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable));
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
+ (const void *) &enable, sizeof(enable)) < 0) {
+ err(1, "setsockopt reuseaddr");
+ }
if (non_blocking) {
red_socket_set_non_blocking(sock, true);
@@ -200,7 +203,10 @@ handle_client(int new_sock)
}
int enable = 1;
- setsockopt(new_sock, SOL_TCP, TCP_NODELAY, (const void *) &enable, sizeof(enable));
+ if (setsockopt(new_sock, SOL_TCP, TCP_NODELAY,
+ (const void *) &enable, sizeof(enable)) < 0) {
+ err(1, "setsockopt nodelay");
+ }
// wait header
wait_for(new_sock, POLLIN);
--
2.26.2

View File

@ -1,6 +1,6 @@
Name: spice
Version: 0.14.3
Release: 2%{?dist}
Release: 3%{?dist}
Summary: Implements the SPICE protocol
Group: User Interface/Desktops
License: LGPLv2+
@ -13,6 +13,9 @@ Patch2: 0002-quic-Check-image-size-in-quic_decode_begin.patch
Patch3: 0003-quic-Check-RLE-lengths.patch
Patch4: 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch
Patch5: 0005-websocket-Fix-possible-integer-overflow.patch
Patch6: 0006-test-websocket-check-setsockopt-return-value.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=613529
%if 0%{?rhel} && 0%{?rhel} <= 7
ExclusiveArch: x86_64
@ -46,7 +49,6 @@ variety of machine architectures.
%package server
Summary: Implements the server side of the SPICE protocol
Group: System Environment/Libraries
Obsoletes: spice-client < %{version}-%{release}
%description server
The Simple Protocol for Independent Computing Environments (SPICE) is
@ -110,6 +112,11 @@ mkdir -p %{buildroot}%{_libexecdir}
%changelog
* Wed Jun 17 2020 Uri Lublin <uril@redhat.com> - 0.14.3-3
- Fix some static analyzer issues
- Removed Obsoletes line for spice-client
Related: rhbz#1840240
* Mon Jun 1 2020 Frediano Ziglio <fziglio@redhat.com> - 0.14.3-2
- Fix multiple buffer overflows in QUIC decoding code
Resolves: rhbz#1829946