* 回复: Re: [PATCH] block/curl: free s->password in cleanup paths
@ 2026-03-24 3:25 赵国汗
2026-03-24 4:53 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 5+ messages in thread
From: 赵国汗 @ 2026-03-24 3:25 UTC (permalink / raw)
To: zhaoguohan_salmon, Kevin Wolf, Hanna Reitz,
Philippe Mathieu-Daudé
Cc: qemu-block, qemu-devel
[-- Attachment #1: Type: text/html, Size: 3653 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: 回复: Re: [PATCH] block/curl: free s->password in cleanup paths
2026-03-24 3:25 回复: Re: [PATCH] block/curl: free s->password in cleanup paths 赵国汗
@ 2026-03-24 4:53 ` Philippe Mathieu-Daudé
2026-03-24 6:10 ` [PATCH] block/curl: factor common cleanup and free password zhaoguohan
2026-03-24 6:13 ` [PATCH v2] " zhaoguohan
0 siblings, 2 replies; 5+ messages in thread
From: Philippe Mathieu-Daudé @ 2026-03-24 4:53 UTC (permalink / raw)
To: 赵国汗, zhaoguohan_salmon, Kevin Wolf,
Hanna Reitz
Cc: qemu-block, qemu-devel
On 24/3/26 04:25, 赵国汗 wrote:
> > Should we directly call curl_close() here instead? Otherwise
>
> > factor a common curl_cleanup() out and reuse?
>
> Thanks for the suggestion.
>
> I don't think curl_close() can be used directly from out_noclean, since
> out_noclean is reached from partially initialized states.
>
> curl_close() assumes a successfully opened instance and tears down the
> aio/curl state via curl_detach_aio_context(), while out_noclean is used
> before curl_attach_aio_context() and, in some cases, before s->sockets is
> initialized.
>
> So I think reusing curl_close() here would conflate the open-failure and
> normal close paths.
>
> If we want to deduplicate this later, factoring out only the common field
> cleanup into a small helper should be safer.
Yes, this is what I meant.
Regards,
Phil.
> *主 题:*Re: [PATCH] block/curl: free s->password in cleanup paths
> *日 期:*2026年03月20日17:24
> *发件人:*Philippe Mathieu-Daudé
> *收件人:*zhaoguohan_salmon,Kevin Wolf,Hanna Reitz,Philippe Mathieu-Daudé
> *抄送人:*qemu-block,qemu-devel
>
> Hi, On 20/3/26 07:30, zhaoguohan_salmon@163.com wrote: > From: GuoHan
> Zhao <zhaoguohan@kylinos.cn> > > When password-secret is used,
> curl_open() resolves it with > qcrypto_secret_lookup_as_utf8() and
> stores the returned buffer in > s->password. > > Unlike s-
> >proxypassword, s->password is not freed either in the open > failure
> path or in curl_close(), so the resolved secret leaks once it > has been
> allocated. > > Free s->password in both cleanup paths. > > Signed-off-
> by: GuoHan Zhao <zhaoguohan@kylinos.cn> > --- > block/curl.c | 2 ++ > 1
> file changed, 2 insertions(+) > > diff --git a/block/curl.c b/block/
> curl.c > index 66aecfb20ec6..419df78258bc 100644 > --- a/block/curl.c >
> +++ b/block/curl.c > @@ -903,6 +903,7 @@ out_noclean: > g_free(s-
> >cookie); > g_free(s->url); > g_free(s->username); > + g_free(s-
> >password); > g_free(s->proxyusername); > g_free(s->proxypassword); >
> if (s->sockets) { Should we directly call curl_close() here instead?
> Otherwise factor a common curl_cleanup() out and reuse? > @@ -1014,6
> +1015,7 @@ static void curl_close(BlockDriverState *bs) > g_free(s-
> >cookie); > g_free(s->url); > g_free(s->username); > + g_free(s-
> >password); > g_free(s->proxyusername); > g_free(s->proxypassword); > }
> </zhaoguohan@kylinos.cn></zhaoguohan@kylinos.cn>
>
>
> ---
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] block/curl: factor common cleanup and free password
2026-03-24 4:53 ` Philippe Mathieu-Daudé
@ 2026-03-24 6:10 ` zhaoguohan
2026-03-24 6:13 ` [PATCH v2] " zhaoguohan
1 sibling, 0 replies; 5+ messages in thread
From: zhaoguohan @ 2026-03-24 6:10 UTC (permalink / raw)
To: Kevin Wolf, Hanna Reitz, Philippe Mathieu-Daudé
Cc: qemu-block, qemu-devel, GuoHan Zhao
From: GuoHan Zhao <zhaoguohan@kylinos.cn>
Factor duplicated cleanup code into a helper and reuse it in the
open failure path and curl_close().
Also free s->password, fixing a leak.
Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
---
block/curl.c | 38 +++++++++++++++++++++++---------------
1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 66aecfb20ec6..577b8d5a4e67 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -622,6 +622,27 @@ static void curl_attach_aio_context(BlockDriverState *bs,
curl_multi_setopt(s->multi, CURLMOPT_TIMERFUNCTION, curl_timer_cb);
}
+static void curl_cleanup(BDRVCURLState *s)
+{
+ g_free(s->cookie);
+ s->cookie = NULL;
+ g_free(s->url);
+ s->url = NULL;
+ g_free(s->username);
+ s->username = NULL;
+ g_free(s->password);
+ s->password = NULL;
+ g_free(s->proxyusername);
+ s->proxyusername = NULL;
+ g_free(s->proxypassword);
+ s->proxypassword = NULL;
+ if (s->sockets) {
+ curl_drop_all_sockets(s->sockets);
+ g_hash_table_destroy(s->sockets);
+ s->sockets = NULL;
+ }
+}
+
static QemuOptsList runtime_opts = {
.name = "curl",
.head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
@@ -900,15 +921,7 @@ out:
state->curl = NULL;
out_noclean:
qemu_mutex_destroy(&s->mutex);
- g_free(s->cookie);
- g_free(s->url);
- g_free(s->username);
- g_free(s->proxyusername);
- g_free(s->proxypassword);
- if (s->sockets) {
- curl_drop_all_sockets(s->sockets);
- g_hash_table_destroy(s->sockets);
- }
+ curl_cleanup(s);
qemu_opts_del(opts);
return -EINVAL;
}
@@ -1010,12 +1023,7 @@ static void curl_close(BlockDriverState *bs)
curl_detach_aio_context(bs);
qemu_mutex_destroy(&s->mutex);
- g_hash_table_destroy(s->sockets);
- g_free(s->cookie);
- g_free(s->url);
- g_free(s->username);
- g_free(s->proxyusername);
- g_free(s->proxypassword);
+ curl_cleanup(s);
}
static int64_t coroutine_fn curl_co_getlength(BlockDriverState *bs)
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v2] block/curl: factor common cleanup and free password
2026-03-24 4:53 ` Philippe Mathieu-Daudé
2026-03-24 6:10 ` [PATCH] block/curl: factor common cleanup and free password zhaoguohan
@ 2026-03-24 6:13 ` zhaoguohan
2026-03-24 9:19 ` Daniel P. Berrangé
1 sibling, 1 reply; 5+ messages in thread
From: zhaoguohan @ 2026-03-24 6:13 UTC (permalink / raw)
To: Kevin Wolf, Hanna Reitz, Philippe Mathieu-Daudé
Cc: qemu-block, qemu-devel, GuoHan Zhao
From: GuoHan Zhao <zhaoguohan@kylinos.cn>
Factor duplicated cleanup code into a helper and reuse it in the
open failure path and curl_close().
Also free s->password, fixing a leak.
Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
---
block/curl.c | 38 +++++++++++++++++++++++---------------
1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 66aecfb20ec6..577b8d5a4e67 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -622,6 +622,27 @@ static void curl_attach_aio_context(BlockDriverState *bs,
curl_multi_setopt(s->multi, CURLMOPT_TIMERFUNCTION, curl_timer_cb);
}
+static void curl_cleanup(BDRVCURLState *s)
+{
+ g_free(s->cookie);
+ s->cookie = NULL;
+ g_free(s->url);
+ s->url = NULL;
+ g_free(s->username);
+ s->username = NULL;
+ g_free(s->password);
+ s->password = NULL;
+ g_free(s->proxyusername);
+ s->proxyusername = NULL;
+ g_free(s->proxypassword);
+ s->proxypassword = NULL;
+ if (s->sockets) {
+ curl_drop_all_sockets(s->sockets);
+ g_hash_table_destroy(s->sockets);
+ s->sockets = NULL;
+ }
+}
+
static QemuOptsList runtime_opts = {
.name = "curl",
.head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
@@ -900,15 +921,7 @@ out:
state->curl = NULL;
out_noclean:
qemu_mutex_destroy(&s->mutex);
- g_free(s->cookie);
- g_free(s->url);
- g_free(s->username);
- g_free(s->proxyusername);
- g_free(s->proxypassword);
- if (s->sockets) {
- curl_drop_all_sockets(s->sockets);
- g_hash_table_destroy(s->sockets);
- }
+ curl_cleanup(s);
qemu_opts_del(opts);
return -EINVAL;
}
@@ -1010,12 +1023,7 @@ static void curl_close(BlockDriverState *bs)
curl_detach_aio_context(bs);
qemu_mutex_destroy(&s->mutex);
- g_hash_table_destroy(s->sockets);
- g_free(s->cookie);
- g_free(s->url);
- g_free(s->username);
- g_free(s->proxyusername);
- g_free(s->proxypassword);
+ curl_cleanup(s);
}
static int64_t coroutine_fn curl_co_getlength(BlockDriverState *bs)
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] block/curl: factor common cleanup and free password
2026-03-24 6:13 ` [PATCH v2] " zhaoguohan
@ 2026-03-24 9:19 ` Daniel P. Berrangé
0 siblings, 0 replies; 5+ messages in thread
From: Daniel P. Berrangé @ 2026-03-24 9:19 UTC (permalink / raw)
To: zhaoguohan
Cc: Kevin Wolf, Hanna Reitz, Philippe Mathieu-Daudé, qemu-block,
qemu-devel
On Tue, Mar 24, 2026 at 02:13:45PM +0800, zhaoguohan@kylinos.cn wrote:
> From: GuoHan Zhao <zhaoguohan@kylinos.cn>
>
> Factor duplicated cleanup code into a helper and reuse it in the
> open failure path and curl_close().
>
> Also free s->password, fixing a leak.
Please don't mix bug fixes with refactorings. These should be
separate commits.
> Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
> ---
> block/curl.c | 38 +++++++++++++++++++++++---------------
> 1 file changed, 23 insertions(+), 15 deletions(-)
>
> diff --git a/block/curl.c b/block/curl.c
> index 66aecfb20ec6..577b8d5a4e67 100644
> --- a/block/curl.c
> +++ b/block/curl.c
> @@ -622,6 +622,27 @@ static void curl_attach_aio_context(BlockDriverState *bs,
> curl_multi_setopt(s->multi, CURLMOPT_TIMERFUNCTION, curl_timer_cb);
> }
>
> +static void curl_cleanup(BDRVCURLState *s)
> +{
> + g_free(s->cookie);
> + s->cookie = NULL;
Use this pattern:
g_clear_pointer(&s->cookie, g_free);
> + g_free(s->url);
> + s->url = NULL;
> + g_free(s->username);
> + s->username = NULL;
> + g_free(s->password);
> + s->password = NULL;
> + g_free(s->proxyusername);
> + s->proxyusername = NULL;
> + g_free(s->proxypassword);
> + s->proxypassword = NULL;
> + if (s->sockets) {
> + curl_drop_all_sockets(s->sockets);
> + g_hash_table_destroy(s->sockets);
> + s->sockets = NULL;
g_clear_pointer(&s->sockets, g_hash_table_destroy)
> + }
> +}
> +
> static QemuOptsList runtime_opts = {
> .name = "curl",
> .head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
> @@ -900,15 +921,7 @@ out:
> state->curl = NULL;
> out_noclean:
> qemu_mutex_destroy(&s->mutex);
> - g_free(s->cookie);
> - g_free(s->url);
> - g_free(s->username);
> - g_free(s->proxyusername);
> - g_free(s->proxypassword);
> - if (s->sockets) {
> - curl_drop_all_sockets(s->sockets);
> - g_hash_table_destroy(s->sockets);
> - }
> + curl_cleanup(s);
> qemu_opts_del(opts);
> return -EINVAL;
> }
> @@ -1010,12 +1023,7 @@ static void curl_close(BlockDriverState *bs)
> curl_detach_aio_context(bs);
> qemu_mutex_destroy(&s->mutex);
>
> - g_hash_table_destroy(s->sockets);
> - g_free(s->cookie);
> - g_free(s->url);
> - g_free(s->username);
> - g_free(s->proxyusername);
> - g_free(s->proxypassword);
> + curl_cleanup(s);
> }
>
> static int64_t coroutine_fn curl_co_getlength(BlockDriverState *bs)
> --
> 2.43.0
>
>
With regards,
Daniel
--
|: https://berrange.com ~~ https://hachyderm.io/@berrange :|
|: https://libvirt.org ~~ https://entangle-photo.org :|
|: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-03-24 9:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-24 3:25 回复: Re: [PATCH] block/curl: free s->password in cleanup paths 赵国汗
2026-03-24 4:53 ` Philippe Mathieu-Daudé
2026-03-24 6:10 ` [PATCH] block/curl: factor common cleanup and free password zhaoguohan
2026-03-24 6:13 ` [PATCH v2] " zhaoguohan
2026-03-24 9:19 ` Daniel P. Berrangé
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.