* [Qemu-devel] [PATCH] net: Fix -net socket parameter checks
@ 2009-04-26 16:53 Jan Kiszka
0 siblings, 0 replies; only message in thread
From: Jan Kiszka @ 2009-04-26 16:53 UTC (permalink / raw)
To: Anthony Liguori; +Cc: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 7626 bytes --]
My commit ea053add700d8abe203cd79a9ffb082aee4eabc0 broke -net socket by
overwriting an intermediate buffer in the added check_param. Fix this
by switching check_param to automatic buffer allocation and release, ie.
callers no longer have to worry about providing a scratch buffer.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
net.c | 20 ++++++++++----------
sysemu.h | 3 +--
vl.c | 38 +++++++++++++++++++++++++++-----------
3 files changed, 38 insertions(+), 23 deletions(-)
diff --git a/net.c b/net.c
index db2f8d3..dcd27fe 100644
--- a/net.c
+++ b/net.c
@@ -1791,7 +1791,7 @@ int net_client_init(const char *device, const char *p)
uint8_t *macaddr;
int idx = nic_get_free_idx();
- if (check_params(buf, sizeof(buf), nic_params, p) < 0) {
+ if (check_params(nic_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -1842,7 +1842,7 @@ int net_client_init(const char *device, const char *p)
static const char * const slirp_params[] = {
"vlan", "name", "hostname", "restrict", "ip", NULL
};
- if (check_params(buf, sizeof(buf), slirp_params, p) < 0) {
+ if (check_params(slirp_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -1893,7 +1893,7 @@ int net_client_init(const char *device, const char *p)
};
char ifname[64];
- if (check_params(buf, sizeof(buf), tap_params, p) < 0) {
+ if (check_params(tap_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -1914,7 +1914,7 @@ int net_client_init(const char *device, const char *p)
int fd;
vlan->nb_host_devs++;
if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
- if (check_params(buf, sizeof(buf), fd_params, p) < 0) {
+ if (check_params(fd_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -1927,7 +1927,7 @@ int net_client_init(const char *device, const char *p)
static const char * const tap_params[] = {
"vlan", "name", "ifname", "script", "downscript", NULL
};
- if (check_params(buf, sizeof(buf), tap_params, p) < 0) {
+ if (check_params(tap_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -1948,7 +1948,7 @@ int net_client_init(const char *device, const char *p)
if (!strcmp(device, "socket")) {
if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
int fd;
- if (check_params(buf, sizeof(buf), fd_params, p) < 0) {
+ if (check_params(fd_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -1961,7 +1961,7 @@ int net_client_init(const char *device, const char *p)
static const char * const listen_params[] = {
"vlan", "name", "listen", NULL
};
- if (check_params(buf, sizeof(buf), listen_params, p) < 0) {
+ if (check_params(listen_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -1971,7 +1971,7 @@ int net_client_init(const char *device, const char *p)
static const char * const connect_params[] = {
"vlan", "name", "connect", NULL
};
- if (check_params(buf, sizeof(buf), connect_params, p) < 0) {
+ if (check_params(connect_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -1981,7 +1981,7 @@ int net_client_init(const char *device, const char *p)
static const char * const mcast_params[] = {
"vlan", "name", "mcast", NULL
};
- if (check_params(buf, sizeof(buf), mcast_params, p) < 0) {
+ if (check_params(mcast_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
@@ -2002,7 +2002,7 @@ int net_client_init(const char *device, const char *p)
char vde_sock[1024], vde_group[512];
int vde_port, vde_mode;
- if (check_params(buf, sizeof(buf), vde_params, p) < 0) {
+ if (check_params(vde_params, p) < 0) {
fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
buf, p);
return -1;
diff --git a/sysemu.h b/sysemu.h
index 50438a6..9bb9fbc 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -257,7 +257,6 @@ const char *get_opt_name(char *buf, int buf_size, const char *p, char delim);
const char *get_opt_value(char *buf, int buf_size, const char *p);
int get_param_value(char *buf, int buf_size,
const char *tag, const char *str);
-int check_params(char *buf, int buf_size,
- const char * const *params, const char *str);
+int check_params(const char * const *params, const char *str);
#endif
diff --git a/vl.c b/vl.c
index a210b6c..1fe39e5 100644
--- a/vl.c
+++ b/vl.c
@@ -1866,29 +1866,45 @@ int get_param_value(char *buf, int buf_size,
return 0;
}
-int check_params(char *buf, int buf_size,
- const char * const *params, const char *str)
+int check_params(const char * const *params, const char *str)
{
+ int name_buf_size = 1;
const char *p;
- int i;
+ char *name_buf;
+ int i, len;
+ int ret = 0;
+
+ for (i = 0; params[i] != NULL; i++) {
+ len = strlen(params[i]) + 1;
+ if (len > name_buf_size) {
+ name_buf_size = len;
+ }
+ }
+ name_buf = qemu_malloc(name_buf_size);
p = str;
while (*p != '\0') {
- p = get_opt_name(buf, buf_size, p, '=');
- if (*p != '=')
- return -1;
+ p = get_opt_name(name_buf, name_buf_size, p, '=');
+ if (*p != '=') {
+ ret = -1;
+ break;
+ }
p++;
for(i = 0; params[i] != NULL; i++)
- if (!strcmp(params[i], buf))
+ if (!strcmp(params[i], name_buf))
break;
- if (params[i] == NULL)
- return -1;
+ if (params[i] == NULL) {
+ ret = -1;
+ break;
+ }
p = get_opt_value(NULL, 0, p);
if (*p != ',')
break;
p++;
}
- return 0;
+
+ qemu_free(name_buf);
+ return ret;
}
/***********************************************************/
@@ -2241,7 +2257,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque)
"cache", "format", "serial", "werror",
NULL };
- if (check_params(buf, sizeof(buf), params, str) < 0) {
+ if (check_params(params, str) < 0) {
fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n",
buf, str);
return -1;
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 257 bytes --]
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2009-04-26 16:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-26 16:53 [Qemu-devel] [PATCH] net: Fix -net socket parameter checks Jan Kiszka
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.