Commit ffad4116b96e29e0fbe892806f97c0a6c903d30d
Committed by
Anthony Liguori
Anthony Liguori
1 parent
6f0437e8
net: Fix -net socket parameter checks
My commit ea053add broke -net socket by overwriting an intermediate buffer in the added check_param. Fix this by switching check_param to automatic buffer allocation and release, ie. callers no longer have to worry about providing a scratch buffer. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Showing
3 changed files
with
38 additions
and
23 deletions
net.c
| @@ -1791,7 +1791,7 @@ int net_client_init(const char *device, const char *p) | @@ -1791,7 +1791,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1791 | uint8_t *macaddr; | 1791 | uint8_t *macaddr; |
| 1792 | int idx = nic_get_free_idx(); | 1792 | int idx = nic_get_free_idx(); |
| 1793 | 1793 | ||
| 1794 | - if (check_params(buf, sizeof(buf), nic_params, p) < 0) { | 1794 | + if (check_params(nic_params, p) < 0) { |
| 1795 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1795 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1796 | buf, p); | 1796 | buf, p); |
| 1797 | return -1; | 1797 | return -1; |
| @@ -1842,7 +1842,7 @@ int net_client_init(const char *device, const char *p) | @@ -1842,7 +1842,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1842 | static const char * const slirp_params[] = { | 1842 | static const char * const slirp_params[] = { |
| 1843 | "vlan", "name", "hostname", "restrict", "ip", NULL | 1843 | "vlan", "name", "hostname", "restrict", "ip", NULL |
| 1844 | }; | 1844 | }; |
| 1845 | - if (check_params(buf, sizeof(buf), slirp_params, p) < 0) { | 1845 | + if (check_params(slirp_params, p) < 0) { |
| 1846 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1846 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1847 | buf, p); | 1847 | buf, p); |
| 1848 | return -1; | 1848 | return -1; |
| @@ -1893,7 +1893,7 @@ int net_client_init(const char *device, const char *p) | @@ -1893,7 +1893,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1893 | }; | 1893 | }; |
| 1894 | char ifname[64]; | 1894 | char ifname[64]; |
| 1895 | 1895 | ||
| 1896 | - if (check_params(buf, sizeof(buf), tap_params, p) < 0) { | 1896 | + if (check_params(tap_params, p) < 0) { |
| 1897 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1897 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1898 | buf, p); | 1898 | buf, p); |
| 1899 | return -1; | 1899 | return -1; |
| @@ -1914,7 +1914,7 @@ int net_client_init(const char *device, const char *p) | @@ -1914,7 +1914,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1914 | int fd; | 1914 | int fd; |
| 1915 | vlan->nb_host_devs++; | 1915 | vlan->nb_host_devs++; |
| 1916 | if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { | 1916 | if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { |
| 1917 | - if (check_params(buf, sizeof(buf), fd_params, p) < 0) { | 1917 | + if (check_params(fd_params, p) < 0) { |
| 1918 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1918 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1919 | buf, p); | 1919 | buf, p); |
| 1920 | return -1; | 1920 | return -1; |
| @@ -1927,7 +1927,7 @@ int net_client_init(const char *device, const char *p) | @@ -1927,7 +1927,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1927 | static const char * const tap_params[] = { | 1927 | static const char * const tap_params[] = { |
| 1928 | "vlan", "name", "ifname", "script", "downscript", NULL | 1928 | "vlan", "name", "ifname", "script", "downscript", NULL |
| 1929 | }; | 1929 | }; |
| 1930 | - if (check_params(buf, sizeof(buf), tap_params, p) < 0) { | 1930 | + if (check_params(tap_params, p) < 0) { |
| 1931 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1931 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1932 | buf, p); | 1932 | buf, p); |
| 1933 | return -1; | 1933 | return -1; |
| @@ -1948,7 +1948,7 @@ int net_client_init(const char *device, const char *p) | @@ -1948,7 +1948,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1948 | if (!strcmp(device, "socket")) { | 1948 | if (!strcmp(device, "socket")) { |
| 1949 | if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { | 1949 | if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { |
| 1950 | int fd; | 1950 | int fd; |
| 1951 | - if (check_params(buf, sizeof(buf), fd_params, p) < 0) { | 1951 | + if (check_params(fd_params, p) < 0) { |
| 1952 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1952 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1953 | buf, p); | 1953 | buf, p); |
| 1954 | return -1; | 1954 | return -1; |
| @@ -1961,7 +1961,7 @@ int net_client_init(const char *device, const char *p) | @@ -1961,7 +1961,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1961 | static const char * const listen_params[] = { | 1961 | static const char * const listen_params[] = { |
| 1962 | "vlan", "name", "listen", NULL | 1962 | "vlan", "name", "listen", NULL |
| 1963 | }; | 1963 | }; |
| 1964 | - if (check_params(buf, sizeof(buf), listen_params, p) < 0) { | 1964 | + if (check_params(listen_params, p) < 0) { |
| 1965 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1965 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1966 | buf, p); | 1966 | buf, p); |
| 1967 | return -1; | 1967 | return -1; |
| @@ -1971,7 +1971,7 @@ int net_client_init(const char *device, const char *p) | @@ -1971,7 +1971,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1971 | static const char * const connect_params[] = { | 1971 | static const char * const connect_params[] = { |
| 1972 | "vlan", "name", "connect", NULL | 1972 | "vlan", "name", "connect", NULL |
| 1973 | }; | 1973 | }; |
| 1974 | - if (check_params(buf, sizeof(buf), connect_params, p) < 0) { | 1974 | + if (check_params(connect_params, p) < 0) { |
| 1975 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1975 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1976 | buf, p); | 1976 | buf, p); |
| 1977 | return -1; | 1977 | return -1; |
| @@ -1981,7 +1981,7 @@ int net_client_init(const char *device, const char *p) | @@ -1981,7 +1981,7 @@ int net_client_init(const char *device, const char *p) | ||
| 1981 | static const char * const mcast_params[] = { | 1981 | static const char * const mcast_params[] = { |
| 1982 | "vlan", "name", "mcast", NULL | 1982 | "vlan", "name", "mcast", NULL |
| 1983 | }; | 1983 | }; |
| 1984 | - if (check_params(buf, sizeof(buf), mcast_params, p) < 0) { | 1984 | + if (check_params(mcast_params, p) < 0) { |
| 1985 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 1985 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 1986 | buf, p); | 1986 | buf, p); |
| 1987 | return -1; | 1987 | return -1; |
| @@ -2002,7 +2002,7 @@ int net_client_init(const char *device, const char *p) | @@ -2002,7 +2002,7 @@ int net_client_init(const char *device, const char *p) | ||
| 2002 | char vde_sock[1024], vde_group[512]; | 2002 | char vde_sock[1024], vde_group[512]; |
| 2003 | int vde_port, vde_mode; | 2003 | int vde_port, vde_mode; |
| 2004 | 2004 | ||
| 2005 | - if (check_params(buf, sizeof(buf), vde_params, p) < 0) { | 2005 | + if (check_params(vde_params, p) < 0) { |
| 2006 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", | 2006 | fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", |
| 2007 | buf, p); | 2007 | buf, p); |
| 2008 | return -1; | 2008 | return -1; |
sysemu.h
| @@ -257,7 +257,6 @@ const char *get_opt_name(char *buf, int buf_size, const char *p, char delim); | @@ -257,7 +257,6 @@ const char *get_opt_name(char *buf, int buf_size, const char *p, char delim); | ||
| 257 | const char *get_opt_value(char *buf, int buf_size, const char *p); | 257 | const char *get_opt_value(char *buf, int buf_size, const char *p); |
| 258 | int get_param_value(char *buf, int buf_size, | 258 | int get_param_value(char *buf, int buf_size, |
| 259 | const char *tag, const char *str); | 259 | const char *tag, const char *str); |
| 260 | -int check_params(char *buf, int buf_size, | ||
| 261 | - const char * const *params, const char *str); | 260 | +int check_params(const char * const *params, const char *str); |
| 262 | 261 | ||
| 263 | #endif | 262 | #endif |
vl.c
| @@ -1866,29 +1866,45 @@ int get_param_value(char *buf, int buf_size, | @@ -1866,29 +1866,45 @@ int get_param_value(char *buf, int buf_size, | ||
| 1866 | return 0; | 1866 | return 0; |
| 1867 | } | 1867 | } |
| 1868 | 1868 | ||
| 1869 | -int check_params(char *buf, int buf_size, | ||
| 1870 | - const char * const *params, const char *str) | 1869 | +int check_params(const char * const *params, const char *str) |
| 1871 | { | 1870 | { |
| 1871 | + int name_buf_size = 1; | ||
| 1872 | const char *p; | 1872 | const char *p; |
| 1873 | - int i; | 1873 | + char *name_buf; |
| 1874 | + int i, len; | ||
| 1875 | + int ret = 0; | ||
| 1876 | + | ||
| 1877 | + for (i = 0; params[i] != NULL; i++) { | ||
| 1878 | + len = strlen(params[i]) + 1; | ||
| 1879 | + if (len > name_buf_size) { | ||
| 1880 | + name_buf_size = len; | ||
| 1881 | + } | ||
| 1882 | + } | ||
| 1883 | + name_buf = qemu_malloc(name_buf_size); | ||
| 1874 | 1884 | ||
| 1875 | p = str; | 1885 | p = str; |
| 1876 | while (*p != '\0') { | 1886 | while (*p != '\0') { |
| 1877 | - p = get_opt_name(buf, buf_size, p, '='); | ||
| 1878 | - if (*p != '=') | ||
| 1879 | - return -1; | 1887 | + p = get_opt_name(name_buf, name_buf_size, p, '='); |
| 1888 | + if (*p != '=') { | ||
| 1889 | + ret = -1; | ||
| 1890 | + break; | ||
| 1891 | + } | ||
| 1880 | p++; | 1892 | p++; |
| 1881 | for(i = 0; params[i] != NULL; i++) | 1893 | for(i = 0; params[i] != NULL; i++) |
| 1882 | - if (!strcmp(params[i], buf)) | 1894 | + if (!strcmp(params[i], name_buf)) |
| 1883 | break; | 1895 | break; |
| 1884 | - if (params[i] == NULL) | ||
| 1885 | - return -1; | 1896 | + if (params[i] == NULL) { |
| 1897 | + ret = -1; | ||
| 1898 | + break; | ||
| 1899 | + } | ||
| 1886 | p = get_opt_value(NULL, 0, p); | 1900 | p = get_opt_value(NULL, 0, p); |
| 1887 | if (*p != ',') | 1901 | if (*p != ',') |
| 1888 | break; | 1902 | break; |
| 1889 | p++; | 1903 | p++; |
| 1890 | } | 1904 | } |
| 1891 | - return 0; | 1905 | + |
| 1906 | + qemu_free(name_buf); | ||
| 1907 | + return ret; | ||
| 1892 | } | 1908 | } |
| 1893 | 1909 | ||
| 1894 | /***********************************************************/ | 1910 | /***********************************************************/ |
| @@ -2241,7 +2257,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque) | @@ -2241,7 +2257,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque) | ||
| 2241 | "cache", "format", "serial", "werror", | 2257 | "cache", "format", "serial", "werror", |
| 2242 | NULL }; | 2258 | NULL }; |
| 2243 | 2259 | ||
| 2244 | - if (check_params(buf, sizeof(buf), params, str) < 0) { | 2260 | + if (check_params(params, str) < 0) { |
| 2245 | fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n", | 2261 | fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n", |
| 2246 | buf, str); | 2262 | buf, str); |
| 2247 | return -1; | 2263 | return -1; |