From 35afa1d2d6c10ce993c60caea1efe1c589fa1d5d Mon Sep 17 00:00:00 2001
From: Martin Kletzander <mkletzan@redhat.com>
Date: Mon, 2 Jan 2023 16:23:08 +0100
Subject: [PATCH] rpc: Check client limits in more places
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2033879
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 src/rpc/virnetserver.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 2ec4b9a6c9..bf0fda04ee 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -370,6 +370,13 @@ virNetServerNew(const char *name,
     g_autoptr(virNetServer) srv = NULL;
     g_autofree char *jobName = g_strdup_printf("rpc-%s", name);
 
+    if (max_clients < max_anonymous_clients) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("The overall maximum number of clients must not be less "
+                         "than the number of clients waiting for authentication"));
+        return NULL;
+    }
+
     if (virNetServerInitialize() < 0)
         return NULL;
 
@@ -449,6 +456,12 @@ virNetServerNewPostExecRestart(virJSONValue *object,
                            _("Malformed max_anonymous_clients data in JSON document"));
             return NULL;
         }
+        if (max_clients < max_anonymous_clients) {
+            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                           _("The overall maximum number of clients must not be less "
+                             "than the number of clients waiting for authentication"));
+            return NULL;
+        }
     } else {
         max_anonymous_clients = max_clients;
     }