WebDAV clients can easily DoS spice server by transferring huge files
I am using qemu with spice 0.14.1 in a server that also uses SPICE WebDAV file transfers. We found that memory usage of qemu is exploding when you transfer large files. A colleague transfered a 4 GB file (from his machine to the VM) and we immediately got an out-of-memory kernel message and process kill.
- qemu 2.10.2
- remote viewer 7.0
- phodav (webdav daemon + remote viewer embedded server): 2.2
- vdagent from this tree spice/win32/vd_agent@348f7ed0
- VM + client OS: Windows 10 1607 x64