Patchwork [10/11] Error out when tls-channel option is used without TLS

login
register
mail settings
Submitter Gerd Hoffmann
Date Feb. 28, 2012, 4:30 p.m.
Message ID <1330446602-10743-11-git-send-email-kraxel@redhat.com>
Download mbox | patch
Permalink /patch/143492/
State New
Headers show

Comments

Gerd Hoffmann - Feb. 28, 2012, 4:30 p.m.
From: Christophe Fergeau <cfergeau@redhat.com>

It's currently possible to setup spice channels using TLS when
no TLS port has been specified (ie TLS is disabled). This cannot
work, so better to error out in such a situation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/spice-core.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

Patch

diff --git a/ui/spice-core.c b/ui/spice-core.c
index e761813..c1091e1 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -511,6 +511,12 @@  static int add_channel(const char *name, const char *value, void *opaque)
     int rc;
 
     if (strcmp(name, "tls-channel") == 0) {
+        int *tls_port = opaque;
+        if (!*tls_port) {
+            error_report("spice: tried to setup tls-channel"
+                         " without specifying a TLS port");
+            exit(1);
+        }
         security = SPICE_CHANNEL_SECURITY_SSL;
     }
     if (strcmp(name, "plaintext-channel") == 0) {
@@ -680,7 +686,7 @@  void qemu_spice_init(void)
     spice_server_set_playback_compression
         (spice_server, qemu_opt_get_bool(opts, "playback-compression", 1));
 
-    qemu_opt_foreach(opts, add_channel, NULL, 0);
+    qemu_opt_foreach(opts, add_channel, &tls_port, 0);
 
     if (0 != spice_server_init(spice_server, &core_interface)) {
         error_report("failed to initialize spice server");