From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:54340)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cfergeau@redhat.com>) id 1S0sXL-0001zZ-Ob
	for qemu-devel@nongnu.org; Fri, 24 Feb 2012 05:38:09 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cfergeau@redhat.com>) id 1S0sXH-0005AD-R9
	for qemu-devel@nongnu.org; Fri, 24 Feb 2012 05:38:03 -0500
Received: from mx1.redhat.com ([209.132.183.28]:9913)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cfergeau@redhat.com>) id 1S0sXH-0005A0-Dy
	for qemu-devel@nongnu.org; Fri, 24 Feb 2012 05:37:59 -0500
Received: from int-mx02.intmail.prod.int.phx2.redhat.com
	(int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q1OAbwlA007260
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Fri, 24 Feb 2012 05:37:58 -0500
Received: from teriyaki.redhat.com (ovpn-116-26.ams2.redhat.com [10.36.116.26])
	by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id q1OAbsHE026036
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <qemu-devel@nongnu.org>; Fri, 24 Feb 2012 05:37:57 -0500
From: Christophe Fergeau <cfergeau@redhat.com>
Date: Fri, 24 Feb 2012 11:37:54 +0100
Message-Id: <1330079874-5818-2-git-send-email-cfergeau@redhat.com>
In-Reply-To: <1330079874-5818-1-git-send-email-cfergeau@redhat.com>
References: <1330079874-5818-1-git-send-email-cfergeau@redhat.com>
Subject: [Qemu-devel] [PATCH 2/2] Error out when tls-channel option is used
	without TLS
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

It's currently possible to setup spice channels using TLS when
no TLS port has been specified (ie TLS is disabled). This cannot
work, so better to error out in such a situation.
---
 ui/spice-core.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/ui/spice-core.c b/ui/spice-core.c
index 6d240a3..5e644c9 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -524,8 +524,11 @@ static int add_channel(const char *name, const char *value, void *opaque)
 {
     int security = 0;
     int rc;
+    int *tls_port = opaque;
 
     if (strcmp(name, "tls-channel") == 0) {
+        if (!*tls_port)
+            return 1;
         security = SPICE_CHANNEL_SECURITY_SSL;
     }
     if (strcmp(name, "plaintext-channel") == 0) {
@@ -697,7 +700,10 @@ void qemu_spice_init(void)
     spice_server_set_playback_compression
         (spice_server, qemu_opt_get_bool(opts, "playback-compression", 1));
 
-    qemu_opt_foreach(opts, add_channel, NULL, 0);
+    if (qemu_opt_foreach(opts, add_channel, &tls_port, 1) != 0) {
+        fprintf(stderr, "tried to setup tls-channel without specifying a TLS port\n");
+        exit(1);
+    }
 
     if (0 != spice_server_init(spice_server, &core_interface)) {
         fprintf(stderr, "failed to initialize spice server\n");
-- 
1.7.7.6