[pve-devel] [PATCH] spiceproxy : allow only spice port range
Alexandre Derumier
aderumier at odiso.com
Mon Jul 22 11:17:18 CEST 2013
full tls seamless migration, try to connect without tls to port 65535,and it give us a timeout.
So we need to denied it as soon as possible
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
PVE/HTTPServer.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index d3f03d7..df9f60e 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -494,7 +494,7 @@ sub handle_spice_proxy_request {
my ($self, $reqstate, $connect_str, $vmid, $node, $spiceport) = @_;
eval {
-
+ die "Port $spiceport is not allowed" if ($spiceport < 61000 || $spiceport > 61099);
my $remip;
if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
--
1.7.10.4
More information about the pve-devel
mailing list