[spice-server,14/23] websocket: Avoid possible server crash using websockets

Submitted by Frediano Ziglio on June 25, 2019, 4:11 p.m.

Details

Message ID 20190625161147.25211-15-fziglio@redhat.com
State Accepted
Commit 39a791a964a7b4553f7cb0235380c55af13c3f8a
Headers show
Series "WebSocket support" ( rev: 1 ) in Spice

Not browsing as part of any series.

Commit Message

Frediano Ziglio June 25, 2019, 4:11 p.m.
Currently code don't handle if system can't sent the
header in a single write command.
Don't cause abort but just close the connection.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
---
 server/websocket.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/server/websocket.c b/server/websocket.c
index dda71f768..6f1581f9c 100644
--- a/server/websocket.c
+++ b/server/websocket.c
@@ -439,7 +439,12 @@  int websocket_writev(RedsWebSocket *ws, const struct iovec *iov, int iovcnt)
     }
     rc -= header_len;
 
-    spice_assert(rc >= 0);
+    /* TODO this in theory can happen if we can't write the header */
+    if (SPICE_UNLIKELY(rc < 0)) {
+        ws->closed = true;
+        errno = EPIPE;
+        return -1;
+    }
 
     /* Key point:  if we did not write out all the data, remember how
        much more data the client is expecting, and write that data without