Commit 0aa7a205c899c516d906673efbe9457f7af0dd3c
Committed by
Mark McLoughlin
Mark McLoughlin
1 parent
cda94b27
net: Real fix for check_params users
OK, last try: 8e4416af broke -net socket, ffad4116 tried to fix it but broke error reporting of invalid parameters. So this patch widely reverts ffad4116 again and intead fixes those callers of check_params that originally suffered from overwritten buffers by using separate ones. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Showing
3 changed files
with
28 additions
and
37 deletions
net.c
| @@ -1911,7 +1911,7 @@ int net_client_init(const char *device, const char *p) | @@ -1911,7 +1911,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1911 | uint8_t *macaddr; | 1911 | uint8_t *macaddr; |
| 1912 | int idx = nic_get_free_idx(); | 1912 | int idx = nic_get_free_idx(); |
| 1913 | 1913 | ||
| 1914 | - if (check_params(nic_params, p) < 0) { | 1914 | + if (check_params(buf, sizeof(buf), nic_params, p) < 0) { |
| 1915 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1915 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1916 | buf, p); | 1916 | buf, p); |
| 1917 | return -1; | 1917 | return -1; |
| @@ -1962,7 +1962,7 @@ int net_client_init(const char *device, const char *p) | @@ -1962,7 +1962,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1962 | static const char * const slirp_params[] = { | 1962 | static const char * const slirp_params[] = { |
| 1963 | "vlan", "name", "hostname", "restrict", "ip", NULL | 1963 | "vlan", "name", "hostname", "restrict", "ip", NULL |
| 1964 | }; | 1964 | }; |
| 1965 | - if (check_params(slirp_params, p) < 0) { | 1965 | + if (check_params(buf, sizeof(buf), slirp_params, p) < 0) { |
| 1966 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1966 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1967 | buf, p); | 1967 | buf, p); |
| 1968 | return -1; | 1968 | return -1; |
| @@ -2013,7 +2013,7 @@ int net_client_init(const char *device, const char *p) | @@ -2013,7 +2013,7 @@ int net_client_init(const char *device, const char *p) | ||
| 2013 | }; | 2013 | }; |
| 2014 | char ifname[64]; | 2014 | char ifname[64]; |
| 2015 | 2015 | ||
| 2016 | - if (check_params(tap_params, p) < 0) { | 2016 | + if (check_params(buf, sizeof(buf), tap_params, p) < 0) { |
| 2017 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2017 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2018 | buf, p); | 2018 | buf, p); |
| 2019 | return -1; | 2019 | return -1; |
| @@ -2029,12 +2029,12 @@ int net_client_init(const char *device, const char *p) | @@ -2029,12 +2029,12 @@ int net_client_init(const char *device, const char *p) | ||
| 2029 | #elif defined (_AIX) | 2029 | #elif defined (_AIX) |
| 2030 | #else | 2030 | #else |
| 2031 | if (!strcmp(device, "tap")) { | 2031 | if (!strcmp(device, "tap")) { |
| 2032 | - char ifname[64]; | 2032 | + char ifname[64], chkbuf[64]; |
| 2033 | char setup_script[1024], down_script[1024]; | 2033 | char setup_script[1024], down_script[1024]; |
| 2034 | int fd; | 2034 | int fd; |
| 2035 | vlan->nb_host_devs++; | 2035 | vlan->nb_host_devs++; |
| 2036 | if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { | 2036 | if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { |
| 2037 | - if (check_params(fd_params, p) < 0) { | 2037 | + if (check_params(chkbuf, sizeof(chkbuf), fd_params, p) < 0) { |
| 2038 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2038 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2039 | buf, p); | 2039 | buf, p); |
| 2040 | return -1; | 2040 | return -1; |
| @@ -2047,7 +2047,7 @@ int net_client_init(const char *device, const char *p) | @@ -2047,7 +2047,7 @@ int net_client_init(const char *device, const char *p) | ||
| 2047 | static const char * const tap_params[] = { | 2047 | static const char * const tap_params[] = { |
| 2048 | "vlan", "name", "ifname", "script", "downscript", NULL | 2048 | "vlan", "name", "ifname", "script", "downscript", NULL |
| 2049 | }; | 2049 | }; |
| 2050 | - if (check_params(tap_params, p) < 0) { | 2050 | + if (check_params(chkbuf, sizeof(chkbuf), tap_params, p) < 0) { |
| 2051 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2051 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2052 | buf, p); | 2052 | buf, p); |
| 2053 | return -1; | 2053 | return -1; |
| @@ -2066,9 +2066,10 @@ int net_client_init(const char *device, const char *p) | @@ -2066,9 +2066,10 @@ int net_client_init(const char *device, const char *p) | ||
| 2066 | } else | 2066 | } else |
| 2067 | #endif | 2067 | #endif |
| 2068 | if (!strcmp(device, "socket")) { | 2068 | if (!strcmp(device, "socket")) { |
| 2069 | + char chkbuf[64]; | ||
| 2069 | if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { | 2070 | if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { |
| 2070 | int fd; | 2071 | int fd; |
| 2071 | - if (check_params(fd_params, p) < 0) { | 2072 | + if (check_params(chkbuf, sizeof(chkbuf), fd_params, p) < 0) { |
| 2072 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2073 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2073 | buf, p); | 2074 | buf, p); |
| 2074 | return -1; | 2075 | return -1; |
| @@ -2081,7 +2082,7 @@ int net_client_init(const char *device, const char *p) | @@ -2081,7 +2082,7 @@ int net_client_init(const char *device, const char *p) | ||
| 2081 | static const char * const listen_params[] = { | 2082 | static const char * const listen_params[] = { |
| 2082 | "vlan", "name", "listen", NULL | 2083 | "vlan", "name", "listen", NULL |
| 2083 | }; | 2084 | }; |
| 2084 | - if (check_params(listen_params, p) < 0) { | 2085 | + if (check_params(chkbuf, sizeof(chkbuf), listen_params, p) < 0) { |
| 2085 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2086 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2086 | buf, p); | 2087 | buf, p); |
| 2087 | return -1; | 2088 | return -1; |
| @@ -2091,7 +2092,7 @@ int net_client_init(const char *device, const char *p) | @@ -2091,7 +2092,7 @@ int net_client_init(const char *device, const char *p) | ||
| 2091 | static const char * const connect_params[] = { | 2092 | static const char * const connect_params[] = { |
| 2092 | "vlan", "name", "connect", NULL | 2093 | "vlan", "name", "connect", NULL |
| 2093 | }; | 2094 | }; |
| 2094 | - if (check_params(connect_params, p) < 0) { | 2095 | + if (check_params(chkbuf, sizeof(chkbuf), connect_params, p) < 0) { |
| 2095 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2096 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2096 | buf, p); | 2097 | buf, p); |
| 2097 | return -1; | 2098 | return -1; |
| @@ -2101,7 +2102,7 @@ int net_client_init(const char *device, const char *p) | @@ -2101,7 +2102,7 @@ int net_client_init(const char *device, const char *p) | ||
| 2101 | static const char * const mcast_params[] = { | 2102 | static const char * const mcast_params[] = { |
| 2102 | "vlan", "name", "mcast", NULL | 2103 | "vlan", "name", "mcast", NULL |
| 2103 | }; | 2104 | }; |
| 2104 | - if (check_params(mcast_params, p) < 0) { | 2105 | + if (check_params(chkbuf, sizeof(chkbuf), mcast_params, p) < 0) { |
| 2105 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2106 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2106 | buf, p); | 2107 | buf, p); |
| 2107 | return -1; | 2108 | return -1; |
| @@ -2122,7 +2123,7 @@ int net_client_init(const char *device, const char *p) | @@ -2122,7 +2123,7 @@ int net_client_init(const char *device, const char *p) | ||
| 2122 | char vde_sock[1024], vde_group[512]; | 2123 | char vde_sock[1024], vde_group[512]; |
| 2123 | int vde_port, vde_mode; | 2124 | int vde_port, vde_mode; |
| 2124 | 2125 | ||
| 2125 | - if (check_params(vde_params, p) < 0) { | 2126 | + if (check_params(buf, sizeof(buf), vde_params, p) < 0) { |
| 2126 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2127 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2127 | buf, p); | 2128 | buf, p); |
| 2128 | return -1; | 2129 | return -1; |
sysemu.h
| @@ -270,7 +270,8 @@ void usb_info(Monitor *mon); | @@ -270,7 +270,8 @@ void usb_info(Monitor *mon); | ||
| 270 | 270 | ||
| 271 | int get_param_value(char *buf, int buf_size, | 271 | int get_param_value(char *buf, int buf_size, |
| 272 | const char *tag, const char *str); | 272 | const char *tag, const char *str); |
| 273 | -int check_params(const char * const *params, const char *str); | 273 | +int check_params(char *buf, int buf_size, |
| 274 | + const char * const *params, const char *str); | ||
| 274 | 275 | ||
| 275 | void register_devices(void); | 276 | void register_devices(void); |
| 276 | 277 |
vl.c
| @@ -1836,45 +1836,34 @@ int get_param_value(char *buf, int buf_size, | @@ -1836,45 +1836,34 @@ int get_param_value(char *buf, int buf_size, | ||
| 1836 | return 0; | 1836 | return 0; |
| 1837 | } | 1837 | } |
| 1838 | 1838 | ||
| 1839 | -int check_params(const char * const *params, const char *str) | 1839 | +int check_params(char *buf, int buf_size, |
| 1840 | + const char * const *params, const char *str) | ||
| 1840 | { | 1841 | { |
| 1841 | - int name_buf_size = 1; | ||
| 1842 | const char *p; | 1842 | const char *p; |
| 1843 | - char *name_buf; | ||
| 1844 | - int i, len; | ||
| 1845 | - int ret = 0; | ||
| 1846 | - | ||
| 1847 | - for (i = 0; params[i] != NULL; i++) { | ||
| 1848 | - len = strlen(params[i]) + 1; | ||
| 1849 | - if (len > name_buf_size) { | ||
| 1850 | - name_buf_size = len; | ||
| 1851 | - } | ||
| 1852 | - } | ||
| 1853 | - name_buf = qemu_malloc(name_buf_size); | 1843 | + int i; |
| 1854 | 1844 | ||
| 1855 | p = str; | 1845 | p = str; |
| 1856 | while (*p != '\0') { | 1846 | while (*p != '\0') { |
| 1857 | - p = get_opt_name(name_buf, name_buf_size, p, '='); | 1847 | + p = get_opt_name(buf, buf_size, p, '='); |
| 1858 | if (*p != '=') { | 1848 | if (*p != '=') { |
| 1859 | - ret = -1; | ||
| 1860 | - break; | 1849 | + return -1; |
| 1861 | } | 1850 | } |
| 1862 | p++; | 1851 | p++; |
| 1863 | - for(i = 0; params[i] != NULL; i++) | ||
| 1864 | - if (!strcmp(params[i], name_buf)) | 1852 | + for (i = 0; params[i] != NULL; i++) { |
| 1853 | + if (!strcmp(params[i], buf)) { | ||
| 1865 | break; | 1854 | break; |
| 1855 | + } | ||
| 1856 | + } | ||
| 1866 | if (params[i] == NULL) { | 1857 | if (params[i] == NULL) { |
| 1867 | - ret = -1; | ||
| 1868 | - break; | 1858 | + return -1; |
| 1869 | } | 1859 | } |
| 1870 | p = get_opt_value(NULL, 0, p); | 1860 | p = get_opt_value(NULL, 0, p); |
| 1871 | - if (*p != ',') | 1861 | + if (*p != ',') { |
| 1872 | break; | 1862 | break; |
| 1863 | + } | ||
| 1873 | p++; | 1864 | p++; |
| 1874 | } | 1865 | } |
| 1875 | - | ||
| 1876 | - qemu_free(name_buf); | ||
| 1877 | - return ret; | 1866 | + return 0; |
| 1878 | } | 1867 | } |
| 1879 | 1868 | ||
| 1880 | /***********************************************************/ | 1869 | /***********************************************************/ |
| @@ -2227,7 +2216,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque) | @@ -2227,7 +2216,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque) | ||
| 2227 | "cache", "format", "serial", "werror", | 2216 | "cache", "format", "serial", "werror", |
| 2228 | NULL }; | 2217 | NULL }; |
| 2229 | 2218 | ||
| 2230 | - if (check_params(params, str) < 0) { | 2219 | + if (check_params(buf, sizeof(buf), params, str) < 0) { |
| 2231 | fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n", | 2220 | fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n", |
| 2232 | buf, str); | 2221 | buf, str); |
| 2233 | return -1; | 2222 | return -1; |