[pve-devel] [PATCH] spiceproxy : allow only spice port range

Alexandre Derumier aderumier at odiso.com
Mon Jul 22 11:17:18 CEST 2013


full tls seamless migration, try to connect without tls to port 65535,and it give us a timeout.
So we need to denied it as soon as possible

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 PVE/HTTPServer.pm |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index d3f03d7..df9f60e 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -494,7 +494,7 @@ sub handle_spice_proxy_request {
     my ($self, $reqstate, $connect_str, $vmid, $node, $spiceport) = @_;
 
     eval {
-
+        die "Port $spiceport is not allowed" if ($spiceport < 61000 || $spiceport > 61099);
         my $remip;
 
         if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
-- 
1.7.10.4



More information about the pve-devel mailing list