[pve-devel] [PATCH] spiceproxy : allow only spice port range

Alexandre Derumier Mon, 22 Jul 2013 02:18:03 -0700

full tls seamless migration, try to connect without tls to port 65535,and it 
give us a timeout.
So we need to denied it as soon as possible


Signed-off-by: Alexandre Derumier <[email protected]>
---
 PVE/HTTPServer.pm |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index d3f03d7..df9f60e 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -494,7 +494,7 @@ sub handle_spice_proxy_request {
     my ($self, $reqstate, $connect_str, $vmid, $node, $spiceport) = @_;
 
     eval {
-
+        die "Port $spiceport is not allowed" if ($spiceport < 61000 || 
$spiceport > 61099);
         my $remip;
 
         if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
-- 
1.7.10.4

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH] spiceproxy : allow only spice port range

Reply via email to