summaryrefslogtreecommitdiffstats
path: root/server
Commit message (Collapse)AuthorAgeFilesLines
* Check RSA_generate_key_ex return valueChristophe Fergeau2014-03-201-2/+9
| | | | | | | | | | | | | | | | | | This can fail in fips mode for example. If we ignore the failure, we'll get a crash: #0 0x00007f38d63728a0 in BN_num_bits () from /lib64/libcrypto.so.10 #1 0x00007f38d639661d in RSA_size () from /lib64/libcrypto.so.10 #2 0x00007f38d7991762 in reds_handle_read_link_done () from /lib64/libspice-server.so.1 #3 0x00007f38d7990c06 in spice_server_add_client () from /lib64/libspice-server.so.1 #4 0x00007f38d7990c6a in reds_accept () from /lib64/libspice-server.so.1 #5 0x00007f38dc0d2946 in qemu_iohandler_poll (pollfds=0x7f38dedce200, ret=755449965, ret@entry=1) at iohandler.c:143 #6 0x00007f38dc0d6ea8 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:465 #7 0x00007f38dbffd7c0 in main_loop () at vl.c:1988 #8 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4357 This commit will cause the client connection to fail but qemu won't segfault.
* Don't truncate large 'now' values in _spice_timer_setDavid Gibson2014-03-201-6/+7
| | | | | | | | | | | | | | | | | | static void _spice_timer_set(SpiceTimer *timer, uint32_t ms, uint32_t now) The _spice_timer_set() function takes a 32-bit integer for the "now" value. The now value passed in however, can exceed 2^32 (it's in ms and derived from CLOCK_MONOTONIC, which will wrap around a 32-bit integer in around 46 days). If the now value passed in exceeds 2^32, this will mean timers are inserted into the active list with expiry values before the current time, they will immediately trigger, and (if they don't make themselves inactive) be reinserted still before the current time. This leads to an infinite loop in spice_timer_queue_cb(). https://bugzilla.redhat.com/show_bug.cgi?id=1072700
* Associate org.spice-space.webdav.0 port to webdav channelMarc-André Lureau2014-03-191-1/+6
| | | | | | | | | | For example, with qemu, a webdav channel can be created this way: -chardev spiceport,name=org.spice-space.webdav.0,... And redirected to a virtio port: -device virtserialport,...,name=org.spice-space.webdav.0
* Fix test_capability() typoChristophe Fergeau2014-03-133-10/+10
| | | | It was spelt 'capabilty'
* Fix typo in log messageChristophe Fergeau2014-03-131-1/+1
|
* mjpeg: Don't warn on unsupported image formatsChristophe Fergeau2014-03-131-1/+1
| | | | | | | | | | | | When trying to start mjpeg compression mode, mjpeg_encoder_start_frame() tests the image format as its only able to compress 24/32bpp images. On images with lower bit depths, we return MJPEG_ENCODER_FRAME_UNSUPPORTED to indicate this is not a format we can compress. However, this return goes with a spice_warning("unsupported format"). As the rest of the code can cope with this unsupported format by not doing mjpeg compression, it's nicer to downgrade this spice_warning() to spice_debug(). This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1070028
* Make RedsStream::info privateChristophe Fergeau2014-01-202-28/+28
|
* Introduce reds_stream_set_channel()Christophe Fergeau2014-01-203-3/+14
|
* Introduce reds_stream_set_info_flag()Christophe Fergeau2014-01-203-1/+12
|
* Make RedsStream::async_read privateChristophe Fergeau2014-01-202-14/+14
|
* Make RedsStream::sasl privateChristophe Fergeau2014-01-202-71/+71
|
* Make RedsStream read/write functions privateChristophe Fergeau2014-01-202-19/+19
|
* Make RedsStream::ssl privateChristophe Fergeau2014-01-202-18/+18
|
* Introduce reds_stream_is_ssl()Christophe Fergeau2014-01-204-6/+12
|
* Add RedsStream::privChristophe Fergeau2014-01-202-1/+9
| | | | | | | The private data is allocated at the same time as RedsStream and goes immediatly after the main RedsStream data. This private member will allow to hide internal RedsStream implementation details from the rest of spice-server.
* Move SASL authentication to reds_stream.hChristophe Fergeau2014-01-203-423/+563
| | | | | | SASL authentication mostly use members from RedsStream to do its work, so it makes sense to have its code in reds_stream.c. This should allow to make RedsStream::sasl private in the future.
* Move async code to RedsStreamChristophe Fergeau2014-01-203-60/+82
| | | | | | The AsyncRead structure in reds.h wraps an async read + callback to be done on a stream. Moving it to reds_stream.h is needed in order to move SASL authentication there.
* Move stream read/write callbacks to reds_stream.cChristophe Fergeau2014-01-202-77/+75
| | | | | | Now that stream creation and SSL enabling are done by helpers in reds_stream.c, we can move the initialization of the vfunc read/write pointers there too.
* Introduce reds_stream_new() helperChristophe Fergeau2014-01-203-20/+32
| | | | | | Initializing a new stream means initializing quite a few fields. This commit factors this initialization in a dedicated reds_stream_new helper. This also helps moving more code from reds.c to reds_stream.c
* reds: Move SSL-related code to RedsStreamChristophe Fergeau2014-01-203-55/+82
| | | | Code to initiate a SSL stream belongs there
* Move sync_write* to reds_stream.hChristophe Fergeau2014-01-203-55/+58
| | | | They are renamed to reds_stream_write*
* Add reds_stream.[ch]Christophe Fergeau2014-01-209-245/+327
| | | | | Gather common RedsStream code there rather than having it in reds.c
* Move SPICE_GNUC_VISIBLE to red_common.hChristophe Fergeau2014-01-202-2/+2
|
* tests: Avoid malloc failuresChristophe Fergeau2014-01-022-2/+8
| | | | | | test-display-streaming is calling malloc() without checking its return value. Coverity warns about this. This commit switches to g_malloc() to sidestep this warning (g_malloc() never returns NULL but aborts instead).
* tests: Remove unused variablesChristophe Fergeau2014-01-022-3/+0
| | | | | coverity spotted some variables that were declared but not used in server/tests
* Add support for the Opus codecJeremy White2014-01-023-32/+112
| | | | Signed-off-by: Jeremy White <jwhite@codeweavers.com>
* Revise the spice client and server to use the new snd_codec functions in ↵Jeremy White2014-01-022-122/+85
| | | | | | | | spice-common. This makes celt optional, and paves the way to readily add additional codecs. Signed-off-by: Jeremy White <jwhite@codeweavers.com>
* Use TLS version 1.0 or betterDavid Jaša2013-12-121-1/+4
| | | | | | | | | | | | | When creating a TLS socket, both spice-server and spice-gtk currently call SSL_CTX_new(TLSv1_method()). The TLSv1_method() function set the protocol version to TLS 1.0 exclusively. The correct way to support multiple protocol versions is to call SSLv23_method() in spite of its scary name. This method will enable all SSL/TLS protocol versions. The protocol suite may be further narrowed down by setting respective SSL_OP_NO_<version_code> options of SSL context. This possibility is used in this patch in order to block use of SSLv3 that is enabled by default in openssl for client sockets as of now but spice has never used it.
* Remove empty red_time.cChristophe Fergeau2013-12-111-1/+0
|
* Add red_time.h to Makefile.amChristophe Fergeau2013-12-111-0/+1
| | | | | | This file was added in bc50ff076 a few months ago, but is not listed in Makefile.am, and thus not part of tarballs. However, it's being included from other C files, so not having it causes compilation breakage.
* Fix buffer overflow when decrypting client SPICE ticketChristophe Fergeau2013-10-301-12/+32
| | | | | | | | | | | | | | | | | | | | | | | reds_handle_ticket uses a fixed size 'password' buffer for the decrypted password whose size is SPICE_MAX_PASSWORD_LENGTH. However, RSA_private_decrypt which we call for the decryption expects the destination buffer to be at least RSA_size(link->tiTicketing.rsa) bytes long. On my spice-server build, SPICE_MAX_PASSWORD_LENGTH is 60 while RSA_size() is 128, so we end up overflowing 'password' when using long passwords (this was reproduced using the string: 'fullscreen=1proxy=#enter proxy here; e.g spice_proxy = http://[proxy]:[port]' as a password). When the overflow occurs, QEMU dies with: *** stack smashing detected ***: qemu-system-x86_64 terminated This commit ensures we use a corectly sized 'password' buffer, and that it's correctly nul-terminated so that we can use strcmp instead of strncmp. To keep using strncmp, we'd need to figure out which one of 'password' and 'taTicket.password' is the smaller buffer, and use that size. This fixes rhbz#999839
* Remove tunneling supportChristophe Fergeau2013-10-284-3541/+0
| | | | | | It's depending on an unmaintained package (slirp), and I don't think anyone uses that code. It's not tested upstream nor in fedora, so let's remove it.
* Silence gcc false positive with -WuninitializedChristophe Fergeau2013-10-281-0/+6
| | | | | | | | | | | | | | | | | Some versions of gcc warn about: red_channel.c: In function 'red_channel_client_wait_outgoing_item': red_channel.c:2331: error: 'end_time' may be used uninitialized in this function [-Wuninitialized] red_channel.c: In function 'red_channel_client_wait_pipe_item_sent': red_channel.c:2363: error: 'end_time' may be used uninitialized in this function [-Wuninitialized] red_channel.c: In function 'red_channel_wait_all_sent': red_channel.c:2401: error: 'end_time' may be used uninitialized in this function [-Wuninitialized] This is a false positive as end_time is unitialized when timeout is -1, and we will only try to use end_time if timeout is not -1. This commit initializes end_time to UINT64_MAX to avoid that warning. As the test involving end_time will never be reached, we ensure it's always TRUE so that it would be a noop even if it was reached.
* red_tunnel_worker: Fix build error due to missing monitor_latency argumentAxel Lin2013-10-181-1/+1
| | | | | | Fix missing monitor_latency argument in red_channel_client_create call. Signed-off-by: Axel Lin <axel.lin@ingics.com>
* Use hardened linker flags if availableChristophe Fergeau2013-10-101-0/+2
| | | | | | This commit reuse several macros from libvirt to test for support for "-Wl,-z -Wl,relro", "-Wl,-z -Wl,now" and "-Wl,--no-copy-dt-needed-entries", and use them if available.
* Fix PlaybackeCommand typoChristophe Fergeau2013-10-091-1/+1
|
* reds: remove dead codeMarc-André Lureau2013-10-081-33/+0
|
* reds: Fix 'asyc' typoChristophe Fergeau2013-10-081-23/+23
|
* Fix 'recive' typo throughout the code baseChristophe Fergeau2013-10-084-63/+63
| | | | 'receive' was mispelt 'recive' in multiple places.
* Namespace RECEIVE_BUF_SIZEChristophe Fergeau2013-10-083-9/+9
|
* server: handle red_get_surface_cmd() error explicitelyMarc-André Lureau2013-10-071-24/+32
| | | | | Don't ignore red_get_surface_cmd() error, and explicitely interrupt and free cmd before processing.
* server: plug some leaks on errorMarc-André Lureau2013-10-071-2/+7
| | | | | Plug what looks like memory leaks, that could be potentially be triggered by a misbehaving guest.
* server: inputs s/relase/releaseMarc-André Lureau2013-10-071-2/+2
|
* server: release all pressed keys on client disconnectMarc-André Lureau2013-10-071-7/+35
| | | | | | | | | | | | | Releasing modifiers keys unconditionally on disconnect leads to unexpected guest wakeups. To improve the situation, the server can release only the pressed keys, which will prevent the wakeup in most cases. Furthermore, it's not sufficient to release only the modifiers keys. Any key should be released on client disconnect to avoid sticky key press across connections. https://bugzilla.redhat.com/show_bug.cgi?id=871240
* server: mark deprecated symbolsMarc-André Lureau2013-10-072-22/+30
|
* server/tests: avoid using deprecated symbolsMarc-André Lureau2013-10-071-7/+6
|
* server: set dispatcher before calling attache_workerMarc-André Lureau2013-10-073-7/+10
| | | | | This allows to call spice_qxl_add_memslot during attache_worker(), like done in the tests.
* server: remove memslot unused functionsMarc-André Lureau2013-10-012-51/+0
|
* server: remove unused fill_rects_clipMarc-André Lureau2013-09-301-11/+0
| | | | Unused since 62d0c076eb2eb0f9954c3870f31b4dd685e5f95c.
* red_worker: disconnect the channel instead of shutdown in case of a blocking ↵Yonit Halperin2013-09-261-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | method failure rhbz#1004443 The methods that trigger waitings on the client pipe require that the waiting will succeed in order to continue, or otherwise, that all the living pipe items will be released (e.g., when we must destroy a surface, we need that all its related pipe items will be released). Shutdown of the socket will eventually trigger red_channel_client_disconnect (*), which will empty the pipe. However, if the blocking method failed, we need to empty the pipe synchronously. It is not safe(**) to call red_channel_client_disconnect from ChannelCbs , but all the blocking calls in red_worker are done from callbacks that are triggered from the device. To summarize, calling red_channel_client_disconnect instead of calling red_channel_client_shutdown will immediately release all the pipe items that are held by the channel client (by calling red_channel_client_pipe_clear). If red_clear_surface_drawables_from_pipe timeouts, red_channel_client_disconnect will make sure that the surface we wish to release is not referenced by any pipe-item. (*) After a shutdown of a socket, we expect that later, when red_peer_handle_incoming is called, it will encounter a socket error and will call the channel's on_error callback which calls red_channel_client_disconnect. (**) I believe it was not safe before commit 2d2121a17038bc0 (before adding ref count to ChannelClient). However, I think it might still be unsafe, because red_channel_client_disconnect sets rcc->stream to NULL, and rcc->stream may be referred later inside a red_channel_client method unsafely. So instead of checking if (stream != NULL) after calling callbacks, we try to avoid calling red_channel_client_disconnect from callbacks.
generated by cgit (git 2.34.1) at 2024-05-02 23:11:29 +0000