net: Fix -net socket parameter checks

My commit ea053add broke -net socket by overwriting an intermediate buffer in the added check_param. Fix this by switching check_param to automatic buffer allocation and release, ie. callers no longer have to worry about providing a scratch buffer. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

net: Fix -net socket parameter checks
My commit ea053add broke -net socket by overwriting an intermediate buffer in the added check_param. Fix this by switching check_param to automatic buffer allocation and release, ie. callers no longer have to worry about providing a scratch buffer. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Jan Kiszka · Anthony Liguori
1 parent 6f0437e8
Showing 3 changed files with 38 additions and 23 deletions
net.c
sysemu.h
vl.c
@@ -1791,7 +1791,7 @@ int net_client_init(const char *device, const char *p)
         uint8_t *macaddr;
         int idx = nic_get_free_idx();
  
-        if (check_params(buf, sizeof(buf), nic_params, p) < 0) {
+        if (check_params(nic_params, p) < 0) {
             fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                     buf, p);
             return -1;
@@ -1842,7 +1842,7 @@ int net_client_init(const char *device, const char *p)
         static const char * const slirp_params[] = {
             "vlan", "name", "hostname", "restrict", "ip", NULL
         };
-        if (check_params(buf, sizeof(buf), slirp_params, p) < 0) {
+        if (check_params(slirp_params, p) < 0) {
             fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                     buf, p);
             return -1;
@@ -1893,7 +1893,7 @@ int net_client_init(const char *device, const char *p)
         };
         char ifname[64];
  
-        if (check_params(buf, sizeof(buf), tap_params, p) < 0) {
+        if (check_params(tap_params, p) < 0) {
             fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                     buf, p);
             return -1;
@@ -1914,7 +1914,7 @@ int net_client_init(const char *device, const char *p)
         int fd;
         vlan->nb_host_devs++;
         if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
-            if (check_params(buf, sizeof(buf), fd_params, p) < 0) {
+            if (check_params(fd_params, p) < 0) {
                 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                         buf, p);
                 return -1;
@@ -1927,7 +1927,7 @@ int net_client_init(const char *device, const char *p)
             static const char * const tap_params[] = {
                 "vlan", "name", "ifname", "script", "downscript", NULL
             };
-            if (check_params(buf, sizeof(buf), tap_params, p) < 0) {
+            if (check_params(tap_params, p) < 0) {
                 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                         buf, p);
                 return -1;
@@ -1948,7 +1948,7 @@ int net_client_init(const char *device, const char *p)
     if (!strcmp(device, "socket")) {
         if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
             int fd;
-            if (check_params(buf, sizeof(buf), fd_params, p) < 0) {
+            if (check_params(fd_params, p) < 0) {
                 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                         buf, p);
                 return -1;
@@ -1961,7 +1961,7 @@ int net_client_init(const char *device, const char *p)
             static const char * const listen_params[] = {
                 "vlan", "name", "listen", NULL
             };
-            if (check_params(buf, sizeof(buf), listen_params, p) < 0) {
+            if (check_params(listen_params, p) < 0) {
                 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                         buf, p);
                 return -1;
@@ -1971,7 +1971,7 @@ int net_client_init(const char *device, const char *p)
             static const char * const connect_params[] = {
                 "vlan", "name", "connect", NULL
             };
-            if (check_params(buf, sizeof(buf), connect_params, p) < 0) {
+            if (check_params(connect_params, p) < 0) {
                 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                         buf, p);
                 return -1;
@@ -1981,7 +1981,7 @@ int net_client_init(const char *device, const char *p)
             static const char * const mcast_params[] = {
                 "vlan", "name", "mcast", NULL
             };
-            if (check_params(buf, sizeof(buf), mcast_params, p) < 0) {
+            if (check_params(mcast_params, p) < 0) {
                 fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                         buf, p);
                 return -1;
@@ -2002,7 +2002,7 @@ int net_client_init(const char *device, const char *p)
         char vde_sock[1024], vde_group[512];
 	int vde_port, vde_mode;
  
-        if (check_params(buf, sizeof(buf), vde_params, p) < 0) {
+        if (check_params(vde_params, p) < 0) {
             fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                     buf, p);
             return -1;
@@ -257,7 +257,6 @@ const char *get_opt_name(char *buf, int buf_size, const char *p, char delim);
 const char *get_opt_value(char *buf, int buf_size, const char *p);
 int get_param_value(char *buf, int buf_size,
                     const char *tag, const char *str);
-int check_params(char *buf, int buf_size,
-                 const char * const *params, const char *str);
+int check_params(const char * const *params, const char *str);
  
 #endif
@@ -1866,29 +1866,45 @@ int get_param_value(char *buf, int buf_size,
     return 0;
 }
  
-int check_params(char *buf, int buf_size,
-                 const char * const *params, const char *str)
+int check_params(const char * const *params, const char *str)
 {
+    int name_buf_size = 1;
     const char *p;
-    int i;
+    char *name_buf;
+    int i, len;
+    int ret = 0;
+
+    for (i = 0; params[i] != NULL; i++) {
+        len = strlen(params[i]) + 1;
+        if (len > name_buf_size) {
+            name_buf_size = len;
+        }
+    }
+    name_buf = qemu_malloc(name_buf_size);
  
     p = str;
     while (*p != '\0') {
-        p = get_opt_name(buf, buf_size, p, '=');
-        if (*p != '=')
-            return -1;
+        p = get_opt_name(name_buf, name_buf_size, p, '=');
+        if (*p != '=') {
+            ret = -1;
+            break;
+        }
         p++;
         for(i = 0; params[i] != NULL; i++)
-            if (!strcmp(params[i], buf))
+            if (!strcmp(params[i], name_buf))
                 break;
-        if (params[i] == NULL)
-            return -1;
+        if (params[i] == NULL) {
+            ret = -1;
+            break;
+        }
         p = get_opt_value(NULL, 0, p);
         if (*p != ',')
             break;
         p++;
     }
-    return 0;
+
+    qemu_free(name_buf);
+    return ret;
 }
  
 /***********************************************************/
@@ -2241,7 +2257,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque)
                                            "cache", "format", "serial", "werror",
                                            NULL };
  
-    if (check_params(buf, sizeof(buf), params, str) < 0) {
+    if (check_params(params, str) < 0) {
          fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n",
                          buf, str);
          return -1;