Re: [PATCH for-8.0] ui/vnc: fix bad address parsing

qemu-trivial

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-8.0] ui/vnc: fix bad address parsing

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH for-8.0] ui/vnc: fix bad address parsing
Date:	Tue, 6 Dec 2022 21:12:32 +0100
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.5.1

On 6/12/22 20:23, Vladimir Sementsov-Ogievskiy wrote:

IF addrstr == "[" and websocket is true, hostlen becomes 0 and we try
to access addrstr[hostlen-1] which is bad idea.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
---
  ui/vnc.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 88f55cbf3c..8830bfe382 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3765,7 +3765,7 @@ static int vnc_display_get_address(const char *addrstr,

addr->type = SOCKET_ADDRESS_TYPE_INET;

          inet = &addr->u.inet;
-        if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
+        if (hostlen >= 2 && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
              inet->host = g_strndup(addrstr + 1, hostlen - 2);
          } else {
              inet->host = g_strndup(addrstr, hostlen);


If addrstr is "[" then inet->host ends up being "[" too now, right?

I was pretty sure we had a helper for that, but can't find any.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH for-8.0] ui/vnc: fix bad address parsing, Vladimir Sementsov-Ogievskiy, 2022/12/06
- Re: [PATCH for-8.0] ui/vnc: fix bad address parsing, Philippe Mathieu-Daudé <=
  - Re: [PATCH for-8.0] ui/vnc: fix bad address parsing, Vladimir Sementsov-Ogievskiy, 2022/12/07

Prev by Date: [PATCH for-8.0] ui/vnc: fix bad address parsing
Next by Date: Re: [PATCH for-8.0] ui/vnc: fix bad address parsing
Previous by thread: [PATCH for-8.0] ui/vnc: fix bad address parsing
Next by thread: Re: [PATCH for-8.0] ui/vnc: fix bad address parsing
Index(es):
- Date
- Thread