gwj / at91sam9263 · Commits

Commit 0aa7a205c899c516d906673efbe9457f7af0dd3c

Authored by Jan Kiszka
Committed by Mark McLoughlin
1 parent cda94b27

net: Real fix for check_params users 

OK, last try: 8e4416af broke -net socket, ffad4116 tried to fix it
but broke error reporting of invalid parameters. So this patch widely
reverts ffad4116 again and intead fixes those callers of check_params
that originally suffered from overwritten buffers by using separate
ones.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Inline Side-by-side
Showing 3 changed files with 28 additions and 37 deletions
... ... @@ -1911,7 +1911,7 @@ int net_client_init(const char *device, const char *p)
1911 1911 uint8_t *macaddr;
1912 1912 int idx = nic_get_free_idx();
1913 1913  
1914   - if (check_params(nic_params, p) < 0) {
  1914 + if (check_params(buf, sizeof(buf), nic_params, p) < 0) {
1915 1915 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
1916 1916 buf, p);
1917 1917 return -1;
... ... @@ -1962,7 +1962,7 @@ int net_client_init(const char *device, const char *p)
1962 1962 static const char * const slirp_params[] = {
1963 1963 "vlan", "name", "hostname", "restrict", "ip", NULL
1964 1964 };
1965   - if (check_params(slirp_params, p) < 0) {
  1965 + if (check_params(buf, sizeof(buf), slirp_params, p) < 0) {
1966 1966 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
1967 1967 buf, p);
1968 1968 return -1;
... ... @@ -2013,7 +2013,7 @@ int net_client_init(const char *device, const char *p)
2013 2013 };
2014 2014 char ifname[64];
2015 2015  
2016   - if (check_params(tap_params, p) < 0) {
  2016 + if (check_params(buf, sizeof(buf), tap_params, p) < 0) {
2017 2017 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
2018 2018 buf, p);
2019 2019 return -1;
... ... @@ -2029,12 +2029,12 @@ int net_client_init(const char *device, const char *p)
2029 2029 #elif defined (_AIX)
2030 2030 #else
2031 2031 if (!strcmp(device, "tap")) {
2032   - char ifname[64];
  2032 + char ifname[64], chkbuf[64];
2033 2033 char setup_script[1024], down_script[1024];
2034 2034 int fd;
2035 2035 vlan->nb_host_devs++;
2036 2036 if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
2037   - if (check_params(fd_params, p) < 0) {
  2037 + if (check_params(chkbuf, sizeof(chkbuf), fd_params, p) < 0) {
2038 2038 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
2039 2039 buf, p);
2040 2040 return -1;
... ... @@ -2047,7 +2047,7 @@ int net_client_init(const char *device, const char *p)
2047 2047 static const char * const tap_params[] = {
2048 2048 "vlan", "name", "ifname", "script", "downscript", NULL
2049 2049 };
2050   - if (check_params(tap_params, p) < 0) {
  2050 + if (check_params(chkbuf, sizeof(chkbuf), tap_params, p) < 0) {
2051 2051 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
2052 2052 buf, p);
2053 2053 return -1;
... ... @@ -2066,9 +2066,10 @@ int net_client_init(const char *device, const char *p)
2066 2066 } else
2067 2067 #endif
2068 2068 if (!strcmp(device, "socket")) {
  2069 + char chkbuf[64];
2069 2070 if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
2070 2071 int fd;
2071   - if (check_params(fd_params, p) < 0) {
  2072 + if (check_params(chkbuf, sizeof(chkbuf), fd_params, p) < 0) {
2072 2073 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
2073 2074 buf, p);
2074 2075 return -1;
... ... @@ -2081,7 +2082,7 @@ int net_client_init(const char *device, const char *p)
2081 2082 static const char * const listen_params[] = {
2082 2083 "vlan", "name", "listen", NULL
2083 2084 };
2084   - if (check_params(listen_params, p) < 0) {
  2085 + if (check_params(chkbuf, sizeof(chkbuf), listen_params, p) < 0) {
2085 2086 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
2086 2087 buf, p);
2087 2088 return -1;
... ... @@ -2091,7 +2092,7 @@ int net_client_init(const char *device, const char *p)
2091 2092 static const char * const connect_params[] = {
2092 2093 "vlan", "name", "connect", NULL
2093 2094 };
2094   - if (check_params(connect_params, p) < 0) {
  2095 + if (check_params(chkbuf, sizeof(chkbuf), connect_params, p) < 0) {
2095 2096 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
2096 2097 buf, p);
2097 2098 return -1;
... ... @@ -2101,7 +2102,7 @@ int net_client_init(const char *device, const char *p)
2101 2102 static const char * const mcast_params[] = {
2102 2103 "vlan", "name", "mcast", NULL
2103 2104 };
2104   - if (check_params(mcast_params, p) < 0) {
  2105 + if (check_params(chkbuf, sizeof(chkbuf), mcast_params, p) < 0) {
2105 2106 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
2106 2107 buf, p);
2107 2108 return -1;
... ... @@ -2122,7 +2123,7 @@ int net_client_init(const char *device, const char *p)
2122 2123 char vde_sock[1024], vde_group[512];
2123 2124 int vde_port, vde_mode;
2124 2125  
2125   - if (check_params(vde_params, p) < 0) {
  2126 + if (check_params(buf, sizeof(buf), vde_params, p) < 0) {
2126 2127 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
2127 2128 buf, p);
2128 2129 return -1;
... ...
sysemu.h
  View file @0aa7a20
... ... @@ -270,7 +270,8 @@ void usb_info(Monitor *mon);
270 270  
271 271 int get_param_value(char *buf, int buf_size,
272 272 const char *tag, const char *str);
273   -int check_params(const char * const *params, const char *str);
  273 +int check_params(char *buf, int buf_size,
  274 + const char * const *params, const char *str);
274 275  
275 276 void register_devices(void);
276 277  
... ...
... ... @@ -1836,45 +1836,34 @@ int get_param_value(char *buf, int buf_size,
1836 1836 return 0;
1837 1837 }
1838 1838  
1839   -int check_params(const char * const *params, const char *str)
  1839 +int check_params(char *buf, int buf_size,
  1840 + const char * const *params, const char *str)
1840 1841 {
1841   - int name_buf_size = 1;
1842 1842 const char *p;
1843   - char *name_buf;
1844   - int i, len;
1845   - int ret = 0;
1846   -
1847   - for (i = 0; params[i] != NULL; i++) {
1848   - len = strlen(params[i]) + 1;
1849   - if (len > name_buf_size) {
1850   - name_buf_size = len;
1851   - }
1852   - }
1853   - name_buf = qemu_malloc(name_buf_size);
  1843 + int i;
1854 1844  
1855 1845 p = str;
1856 1846 while (*p != '\0') {
1857   - p = get_opt_name(name_buf, name_buf_size, p, '=');
  1847 + p = get_opt_name(buf, buf_size, p, '=');
1858 1848 if (*p != '=') {
1859   - ret = -1;
1860   - break;
  1849 + return -1;
1861 1850 }
1862 1851 p++;
1863   - for(i = 0; params[i] != NULL; i++)
1864   - if (!strcmp(params[i], name_buf))
  1852 + for (i = 0; params[i] != NULL; i++) {
  1853 + if (!strcmp(params[i], buf)) {
1865 1854 break;
  1855 + }
  1856 + }
1866 1857 if (params[i] == NULL) {
1867   - ret = -1;
1868   - break;
  1858 + return -1;
1869 1859 }
1870 1860 p = get_opt_value(NULL, 0, p);
1871   - if (*p != ',')
  1861 + if (*p != ',') {
1872 1862 break;
  1863 + }
1873 1864 p++;
1874 1865 }
1875   -
1876   - qemu_free(name_buf);
1877   - return ret;
  1866 + return 0;
1878 1867 }
1879 1868  
1880 1869 /***********************************************************/
... ... @@ -2227,7 +2216,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque)
2227 2216 "cache", "format", "serial", "werror",
2228 2217 NULL };
2229 2218  
2230   - if (check_params(params, str) < 0) {
  2219 + if (check_params(buf, sizeof(buf), params, str) < 0) {
2231 2220 fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n",
2232 2221 buf, str);
2233 2222 return -1;
... ...