From: Max Reitz <mreitz@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 11/25] qemu-nbd: Fix and improve input verification
Date: Mon, 16 Mar 2015 09:56:35 -0400 [thread overview]
Message-ID: <5506E113.50908@redhat.com> (raw)
In-Reply-To: <55002750.6000008@redhat.com>
On 2015-03-11 at 07:30, Paolo Bonzini wrote:
>
> On 25/02/2015 19:08, Max Reitz wrote:
>> This patch makes sure the result of strtol() does not overflow (by
>> storing it in long integers instead of plain integers, and by checking
>> errno), allows the user to specify "--discard on" and
>> "--detect-zeroes unmap" in any order and strips the trailing \n from two
>> error messages.
>>
>> Signed-off-by: Max Reitz <mreitz@redhat.com>
>> ---
>> qemu-nbd.c | 40 +++++++++++++++++++++++++++-------------
>> 1 file changed, 27 insertions(+), 13 deletions(-)
> Let's introduce a general purpose utility instead of duplicating the
> checks in every strto* caller.
>
> For example, you can ensure that errno is checked and, if NULL is
> passed as the second argument, that the whole string is a number.
> Something like this:
>
> int qemu_strtol(const char *name, const char **next, int base, long *result)
> {
> char *p;
> errno = 0;
> *result = strtol(name, &p, base);
> if (!next && *p) {
> return -EINVAL;
> }
> if (next) {
> *next = p;
> }
> return -errno;
> }
I was afraid you might say this... Will do.
Thank you for reviewing!
Max
> Paolo
>
>> diff --git a/qemu-nbd.c b/qemu-nbd.c
>> index fd1e0c8..7376a35 100644
>> --- a/qemu-nbd.c
>> +++ b/qemu-nbd.c
>> @@ -51,7 +51,7 @@ static char *srcpath;
>> static char *sockpath;
>> static int persistent = 0;
>> static enum { RUNNING, TERMINATE, TERMINATING, TERMINATED } state;
>> -static int shared = 1;
>> +static long shared = 1;
>> static int nb_fds;
>>
>> static void usage(const char *name)
>> @@ -432,10 +432,10 @@ int main(int argc, char **argv)
>> };
>> int ch;
>> int opt_ind = 0;
>> - int li;
>> + long li;
>> char *end;
>> int flags = BDRV_O_RDWR;
>> - int partition = -1;
>> + long partition = -1;
>> int ret = 0;
>> int fd;
>> bool seen_cache = false;
>> @@ -510,11 +510,6 @@ int main(int argc, char **argv)
>> errx(EXIT_FAILURE, "Failed to parse detect_zeroes mode: %s",
>> error_get_pretty(local_err));
>> }
>> - if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
>> - !(flags & BDRV_O_UNMAP)) {
>> - errx(EXIT_FAILURE, "setting detect-zeroes to unmap is not allowed "
>> - "without setting discard operation to unmap");
>> - }
>> break;
>> case 'b':
>> bindto = optarg;
>> @@ -530,13 +525,17 @@ int main(int argc, char **argv)
>> port = (uint16_t)li;
>> break;
>> case 'o':
>> - dev_offset = strtoll (optarg, &end, 0);
>> + errno = 0;
>> + dev_offset = strtoll(optarg, &end, 0);
>> if (*end) {
>> errx(EXIT_FAILURE, "Invalid offset `%s'", optarg);
>> }
>> if (dev_offset < 0) {
>> errx(EXIT_FAILURE, "Offset must be positive `%s'", optarg);
>> }
>> + if (errno) {
>> + err(EXIT_FAILURE, "Invalid offset `%s'", optarg);
>> + }
>> break;
>> case 'l':
>> if (strstart(optarg, SNAPSHOT_OPT_BASE, NULL)) {
>> @@ -559,13 +558,13 @@ int main(int argc, char **argv)
>> errx(EXIT_FAILURE, "Invalid partition `%s'", optarg);
>> }
>> if (partition < 1 || partition > 8) {
>> - errx(EXIT_FAILURE, "Invalid partition %d", partition);
>> + errx(EXIT_FAILURE, "Invalid partition %s", optarg);
>> }
>> break;
>> case 'k':
>> sockpath = optarg;
>> if (sockpath[0] != '/') {
>> - errx(EXIT_FAILURE, "socket path must be absolute\n");
>> + errx(EXIT_FAILURE, "socket path must be absolute");
>> }
>> break;
>> case 'd':
>> @@ -580,7 +579,12 @@ int main(int argc, char **argv)
>> errx(EXIT_FAILURE, "Invalid shared device number '%s'", optarg);
>> }
>> if (shared < 1) {
>> - errx(EXIT_FAILURE, "Shared device number must be greater than 0\n");
>> + errx(EXIT_FAILURE,
>> + "Shared device number must be greater than 0");
>> + }
>> + if (shared >= INT_MAX) {
>> + errx(EXIT_FAILURE,
>> + "Shared device number must be less than %i", INT_MAX);
>> }
>> break;
>> case 'f':
>> @@ -606,6 +610,12 @@ int main(int argc, char **argv)
>> }
>> }
>>
>> + if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
>> + !(flags & BDRV_O_UNMAP)) {
>> + errx(EXIT_FAILURE, "Setting detect-zeroes to unmap is not allowed "
>> + "without setting discard operation to unmap");
>> + }
>> +
>> if ((argc - optind) != 1) {
>> errx(EXIT_FAILURE, "Invalid number of argument.\n"
>> "Try `%s --help' for more information.",
>> @@ -730,10 +740,14 @@ int main(int argc, char **argv)
>> }
>>
>> if (partition != -1) {
>> + if (dev_offset) {
>> + errx(EXIT_FAILURE, "Cannot use both -o and -P at the same time");
>> + }
>> +
>> ret = find_partition(blk, partition, &dev_offset, &fd_size);
>> if (ret < 0) {
>> errno = -ret;
>> - err(EXIT_FAILURE, "Could not find partition %d", partition);
>> + err(EXIT_FAILURE, "Could not find partition %ld", partition);
>> }
>> }
>>
>>
next prev parent reply other threads:[~2015-03-16 13:56 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-25 18:08 [Qemu-devel] [PATCH 00/25] nbd: Several fixes Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 01/25] util/uri: Add overflow check to rfc3986_parse_port Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 02/25] qemu-nbd: Detect unused partitions by system == 0 Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 03/25] nbd: Fix nbd_establish_connection()'s return value Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 04/25] nbd: Fix response to invalid requests Max Reitz
2015-03-02 16:52 ` Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 05/25] nbd: Avoid generic -EINVAL Max Reitz
2015-03-11 11:22 ` Paolo Bonzini
2015-03-16 13:51 ` Max Reitz
2015-03-16 14:42 ` Paolo Bonzini
2015-03-16 14:48 ` Max Reitz
2015-03-16 14:49 ` Paolo Bonzini
2015-02-25 18:08 ` [Qemu-devel] [PATCH 06/25] nbd: Pass return value from nbd_handle_list() Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 07/25] nbd: Add "failed to open export" error message Max Reitz
2015-03-11 11:24 ` Paolo Bonzini
2015-03-16 13:55 ` Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 08/25] nbd: Handle blk_getlength() failure Max Reitz
2015-03-11 11:26 ` Paolo Bonzini
2015-02-25 18:08 ` [Qemu-devel] [PATCH 09/25] qemu-nbd: fork() can fail Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 10/25] nbd: Fix potential signed overflow issues Max Reitz
2015-03-11 11:28 ` Paolo Bonzini
2015-02-25 18:08 ` [Qemu-devel] [PATCH 11/25] qemu-nbd: Fix and improve input verification Max Reitz
2015-03-11 11:30 ` Paolo Bonzini
2015-03-16 13:56 ` Max Reitz [this message]
2015-02-25 18:08 ` [Qemu-devel] [PATCH 12/25] nbd: Set block size to BDRV_SECTOR_SIZE Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 13/25] nbd: Enforce sector alignment Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 14/25] coroutine: Add co_yield_timeout() Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 15/25] coroutine-io: Return -errno in case of error Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 16/25] coroutine-io: Add I/O functions with timeout Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 17/25] nbd: Employ timeouts Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 18/25] nbd: Fix nbd_receive_options() Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 19/25] nbd: Fix interpretation of the export flags Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 20/25] block/nbd: Comment on discard/flush silently failing Max Reitz
2015-03-11 11:31 ` Paolo Bonzini
2015-03-16 13:58 ` Max Reitz
2015-03-16 14:44 ` Paolo Bonzini
2015-03-16 14:49 ` Max Reitz
2015-03-16 14:51 ` Paolo Bonzini
2015-03-16 14:52 ` Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 21/25] nbd: Drop unexpected data for NBD_OPT_LIST Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 22/25] iotests: Add _timeout function Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 23/25] iotests: Add test for invalid qemu-nbd parameters Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 24/25] iotests: Add test for issuing discard over NBD Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 25/25] iotests: Add test for a non-existing NBD export Max Reitz
2015-02-25 18:11 ` [Qemu-devel] [PATCH 00/25] nbd: Several fixes Max Reitz
2015-03-11 11:36 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5506E113.50908@redhat.com \
--to=mreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.