From 44ee97ac270d79c70093cbdc4ad6d9d55eb0c679 Mon Sep 17 00:00:00 2001
From: Felix Geyer
Date: Sat, 31 Oct 2009 16:12:02 +0100
Subject: Imported Upstream version 3.0.10-dfsg
---
 .../common/VBoxGuestLib/GenericRequest.cpp | 66 ++++++++++++++++++++++
 1 file changed, 66 insertions(+)
(limited to 'src/VBox/Additions/common/VBoxGuestLib/GenericRequest.cpp')
diff --git a/src/VBox/Additions/common/VBoxGuestLib/GenericRequest.cpp b/src/VBox/Additions/common/VBoxGuestLib/GenericRequest.cpp
index 249c2b9f4..e35f7aae8 100644
--- a/src/VBox/Additions/common/VBoxGuestLib/GenericRequest.cpp
+++ b/src/VBox/Additions/common/VBoxGuestLib/GenericRequest.cpp
@@ -26,6 +26,72 @@
 #include
 #include
+DECLVBGL(int) VbglGRVerify (const VMMDevRequestHeader *pReq, size_t cbReq)
+{
+ if (!pReq || cbReq < sizeof (VMMDevRequestHeader))
+ {
+ dprintf(("VbglGRVerify: Invalid parameter: pReq = %p, cbReq = %d\n", pReq, cbReq));
+ return VERR_INVALID_PARAMETER;
+ }
+
+ if (pReq->size > cbReq)
+ {
+ dprintf(("VbglGRVerify: request size %d > buffer size %d\n", pReq->size, cbReq));
+ return VERR_INVALID_PARAMETER;
+ }
+
+ /* The request size must correspond to the request type. */
+ size_t cbReqExpected = vmmdevGetRequestSize(pReq->requestType);
+
+ if (cbReq < cbReqExpected)
+ {
+ dprintf(("VbglGRVerify: buffer size %d < expected size %d\n", cbReq, cbReqExpected));
+ return VERR_INVALID_PARAMETER;
+ }
+
+ if (cbReqExpected == cbReq)
+ {
+ /* This is most likely a fixed size request, and in this case the request size
+ * must be also equal to the expected size.
+ */
+ if (pReq->size != cbReqExpected)
+ {
+ dprintf(("VbglGRVerify: request size %d != expected size %d\n", pReq->size, cbReqExpected));
+ return VERR_INVALID_PARAMETER;
+ }
+
+ return VINF_SUCCESS;
+ }
+
+ /* This can be a variable size request. Check the request type and limit the size
+ * to VMMDEV_MAX_VMMDEVREQ_SIZE, which is max size supported by the host.
+ */
+ if ( pReq->requestType == VMMDevReq_LogString
+ || pReq->requestType == VMMDevReq_VideoSetVisibleRegion
+ || pReq->requestType == VMMDevReq_SetPointerShape
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ || pReq->requestType == VMMDevReq_HGCMCall32
+ || pReq->requestType == VMMDevReq_HGCMCall64
+#else
+ || pReq->requestType == VMMDevReq_HGCMCall
+#endif /* VBOX_WITH_64_BITS_GUESTS */
+ || pReq->requestType == VMMDevReq_ChangeMemBalloon)
+ {
+ if (cbReq > VMMDEV_MAX_VMMDEVREQ_SIZE)
+ {
+ dprintf(("VbglGRVerify: VMMDevReq_LogString: buffer size %d too big\n", cbReq));
+ return VERR_BUFFER_OVERFLOW; /* @todo is this error code ok? */
+ }
+ }
+ else
+ {
+ dprintf(("VbglGRVerify: request size %d > buffer size %d\n", pReq->size, cbReq));
+ return VERR_IO_BAD_LENGTH; /* @todo is this error code ok? */
+ }
+
+ return VINF_SUCCESS;
+}
+
 DECLVBGL(int) VbglGRAlloc (VMMDevRequestHeader **ppReq, uint32_t cbSize, VMMDevRequestType reqType)
 {
 VMMDevRequestHeader *pReq;
--
cgit v1.2.3
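Review bot: On the variable-size path at the end of VbglGRVerify, `pReq->size` is only compared with the buffer (`pReq->size > cbReq`) and never with `cbReqExpected`, so a header whose size field is smaller than the fixed part of its request type still returns VINF_SUCCESS. Whether that matters in practice depends on how callers and the host consume `size`, which this hunk does not show, but a verifier should reject it; adding `if (pReq->size < cbReqExpected) return VERR_INVALID_PARAMETER;` just before the request-type test would close the gap. Separately, the dprintf calls pass `size_t` values (`cbReq`, `cbReqExpected`) to `%d`, which is an argument-type mismatch on 64-bit builds if dprintf forwards to a printf-style formatter. The message in the final `else` also repeats the earlier "request size > buffer size" text, although that branch is reached when the buffer is larger than expected for a request type that is not in the variable-size list, which will mislead anyone triaging a rejected request from the log.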