[virt-tools-list] [PATCH virt-viewer 15/19] Hook up handling of Monitors

Christophe Fergeau cfergeau at redhat.com
Tue Jul 17 13:53:10 UTC 2012


On Tue, Jul 17, 2012 at 03:02:46PM +0200, Marc-André Lureau wrote:
> On Tue, Jul 17, 2012 at 2:52 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> > I'm concerned about malicious payload putting a huge number there for a
> > nasty purpose. Moreover, is this value coming from the server, or is it
> > coming from the qxl driver in the guest?
> 
> 
> I don't think this is a concern here. You might worry about a lot of
> other parts of spice then... In general, it can be very hard to verify
> integrity,

I'm indeed worried about the day when someone starts actively fuzzing the
spice protocol...


> and I guess we rely on a lower level of the stack to do that for us.

Except I'm not sure any part of the stack is doing this for us, is there
such a part? In this specific case, the protocol can handle an arbitrary
number of monitors as I understand it, it's the client code that cannot
handle too many monitors, so limiting the number of monitors here would
make sense.
It's an issue I wanted to raise, I'm not saying this must be fixed in this
patch.

Christophe
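
The client-side limit discussed in this message, sketched as an added example (not code from virt-viewer, spice-gtk or the patch under review). The wire layout (a little-endian u32 count followed by 16-byte heads), the limit of 16 and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CLIENT_MAX_MONITORS 16u /* assumed client-side limit, not a virt-viewer constant */
#define HEAD_SIZE 16u           /* constructed layout: x, y, width, height as LE u32 */

typedef struct { uint32_t x, y, width, height; } head_t;

static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse "u32 count, then count heads". Returns the head count, or -1 if rejected. */
int parse_monitors(const uint8_t *buf, size_t len, head_t *out, size_t out_cap)
{
    if (!buf || !out || len < 4)
        return -1;
    uint32_t count = rd32(buf);
    /* Bound the peer-supplied count by what the client can handle first... */
    if (count > CLIENT_MAX_MONITORS || count > out_cap)
        return -1;
    /* ...then by the bytes actually received (division avoids overflow). */
    if ((len - 4) / HEAD_SIZE < count)
        return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *p = buf + 4 + (size_t)i * HEAD_SIZE;
        out[i] = (head_t){ rd32(p), rd32(p + 4), rd32(p + 8), rd32(p + 12) };
    }
    return (int)count;
}

/* Constructed test message: claims `count` heads but carries only `heads_sent`. */
int try_message(uint32_t count, size_t heads_sent)
{
    uint8_t msg[4 + 32 * HEAD_SIZE] = { 0 };
    head_t heads[CLIENT_MAX_MONITORS];
    if (heads_sent > 32)
        return -1;
    for (int i = 0; i < 4; i++)
        msg[i] = (uint8_t)(count >> (8 * i));
    return parse_monitors(msg, 4 + heads_sent * HEAD_SIZE, heads, CLIENT_MAX_MONITORS);
}

int main(void)
{
    printf("%d %d %d\n", try_message(2, 2), try_message(0xFFFFFFFFu, 2), try_message(4, 2));
    return 0;
}
```

The count is checked against the client limit before it is used for any size computation or loop bound, so a well-formed message that simply names more monitors than the client supports is rejected the same way as a truncated one.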