From 57fe8ce26857328e4ee1ade44e62af1cf5bb3cd4 Mon Sep 17 00:00:00 2001
From: Pavel Grunt <pgrunt@redhat.com>
Date: Fri, 13 Nov 2015 09:14:29 +0100
Subject: reds: Do not abort due to wrong header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Just prevent the buggy client from connecting.

 #0  0x00007fffe83b2a98 in raise () at /lib64/libc.so.6
 #1  0x00007fffe83b469a in abort () at /lib64/libc.so.6
 #2  0x00007ffff7b1533d in spice_logv (log_domain=0x7ffff7b87226 "Spice", log_level=SPICE_LOG_LEVEL_ERROR, strloc=0x7ffff7b92aba "reds.c:1373", function=0x7ffff7b94f40 <__FUNCTION__.31775> "reds_send_link_ack", format=0x7ffff7b871fe "assertion `%s' failed", args=args@entry=0x7fffffffcb68) at log.c:109
 #3  0x00007ffff7b15468 in spice_log (log_domain=log_domain@entry=0x7ffff7b87226 "Spice", log_level=log_level@entry=SPICE_LOG_LEVEL_ERROR, strloc=strloc@entry=0x7ffff7b92aba "reds.c:1373", function=function@entry=0x7ffff7b94f40 <__FUNCTION__.31775> "reds_send_link_ack", format=format@entry=0x7ffff7b871fe "assertion `%s' failed") at log.c:123
 #4  0x00007ffff7aee335 in reds_handle_read_link_done (link=0x555556b27c70)
     at reds.c:1373
 #5  0x00007ffff7aee335 in reds_handle_read_link_done (opaque=0x555556b27c70)
     at reds.c:2139
 #6  0x000055555588acc6 in qemu_iohandler_poll ()
 #7  0x000055555588a8e1 in main_loop_wait ()
 #8  0x0000555555614064 in main ()

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1281442

Acked-by: Fabiano Fidêncio <fidencio@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
---
 server/reds.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server/reds.c b/server/reds.c
index 1f6774ef..9bd28dff 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1370,7 +1370,10 @@ static int reds_send_link_ack(RedLinkInfo *link)
     channel = reds_find_channel(link->link_mess->channel_type,
                                 link->link_mess->channel_id);
     if (!channel) {
-        spice_assert(link->link_mess->channel_type == SPICE_CHANNEL_MAIN);
+        if (link->link_mess->channel_type != SPICE_CHANNEL_MAIN) {
+            spice_warning("Received wrong header: channel_type != SPICE_CHANNEL_MAIN");
+            return FALSE;
+        }
         spice_assert(reds->main_channel);
         channel = &reds->main_channel->base;
     }
-- 
cgit