Overview

File 0002-CVE-2020-25651-vdagentd-do-not-allow-to-use-an-already-used-file-xfer-id.patch of Package spice-vdagent.20484

Subject: vdagentd: do not allow to use an already used file-xfer id
From: Uri Lublin uril@redhat.com Sun Oct 11 20:59:17 2020 +0300
Date: Tue Nov 3 09:44:05 2020 +0000:
Git: b7db1c20c9f80154fb54392eb44add3486d3e427

Signed-off-by: Uri Lublin <uril@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>

Index: spice-vdagent-0.17.0/src/vdagentd.c
===================================================================
--- spice-vdagent-0.17.0.orig/src/vdagentd.c
+++ spice-vdagent-0.17.0/src/vdagentd.c
@@ -355,6 +355,13 @@ static void do_client_file_xfer(struct v
                "Cancelling client file-xfer request %u",
                s->id, VD_AGENT_FILE_XFER_STATUS_ERROR);
             return;
+        } else if (g_hash_table_lookup(active_xfers, GUINT_TO_POINTER(s->id)) != NULL) {
+            // id is already used -- client is confused
+            send_file_xfer_status(vport,
+               "File transfer ID is already used. "
+               "Cancelling client file-xfer request %u",
+               s->id, VD_AGENT_FILE_XFER_STATUS_ERROR);
+            return;
         }
         msg_type = VDAGENTD_FILE_XFER_START;
         id = s->id;
openSUSE Build Service is sponsored by
Places