From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1M6wOl-0001Wv-CU for qemu-devel@nongnu.org; Wed, 20 May 2009 20:44:39 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1M6wOg-0001WE-FC for qemu-devel@nongnu.org; Wed, 20 May 2009 20:44:38 -0400
Received: from [199.232.76.173] (port=41074 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1M6wOg-0001W9-9p for qemu-devel@nongnu.org; Wed, 20 May 2009 20:44:34 -0400
Received: from mx2.redhat.com ([66.187.237.31]:57655) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1M6wOf-0007OL-Kd for qemu-devel@nongnu.org; Wed, 20 May 2009 20:44:33 -0400
From: Glauber Costa
Date: Wed, 20 May 2009 20:44:30 -0400
Message-Id: <1242866670-15488-3-git-send-email-glommer@redhat.com>
In-Reply-To: <1242866670-15488-2-git-send-email-glommer@redhat.com>
References: <1242866670-15488-1-git-send-email-glommer@redhat.com> <1242866670-15488-2-git-send-email-glommer@redhat.com>
Subject: [Qemu-devel] [PATCH STABLE 2/2] net: Fix -net socket parameter checks
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org
Cc: Jan Kiszka , aliguori@us.ibm.com

My commit ea053add700d8abe203cd79a9ffb082aee4eabc0 broke -net socket by overwriting an intermediate buffer in the added check_param. Fix this by switching check_param to automatic buffer allocation and release, ie. callers no longer have to worry about providing a scratch buffer.
Signed-off-by: Jan Kiszka
Signed-off-by: Anthony Liguori
Signed-off-by: Glauber Costa
---
 sysemu.h | 3 +--
 vl.c | 32 +++++++++++++++++++++++---------
 2 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/sysemu.h b/sysemu.h
index 57217c1..3cc36b5 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -245,7 +245,6 @@ const char *get_opt_name(char *buf, int buf_size, const char *p);
 const char *get_opt_value(char *buf, int buf_size, const char *p);
 int get_param_value(char *buf, int buf_size, const char *tag, const char *str);
-int check_params(char *buf, int buf_size,
- const char * const *params, const char *str);
+int check_params(const char * const *params, const char *str);
 #endif
diff --git a/vl.c b/vl.c
index 56623fb..1a7e609 100644
--- a/vl.c
+++ b/vl.c
@@ -1918,29 +1918,43 @@ int get_param_value(char *buf, int buf_size,
 return 0;
 }
-int check_params(char *buf, int buf_size,
- const char * const *params, const char *str)
+int check_params(const char * const *params, const char *str)
 {
+ int name_buf_size = 1;
 const char *p;
- int i;
+ char *name_buf;
+ int i, len;
+ int ret = 0;
+
+ for (i = 0; params[i] != NULL; i++) {
+ len = strlen(params[i]) + 1;
+ if (len > name_buf_size) {
+ name_buf_size = len;
+ }
+ }
+ name_buf = qemu_malloc(name_buf_size);
 p = str;
 for(;;) {
- p = get_opt_name(buf, buf_size, p);
+ p = get_opt_name(name_buf, name_buf_size, p);
 if (*p != '=') return -1;
 p++;
 for(i = 0; params[i] != NULL; i++)
- if (!strcmp(params[i], buf))
+ if (!strcmp(params[i], name_buf))
 break;
- if (params[i] == NULL)
- return -1;
+ if (params[i] == NULL) {
+ ret = -1;
+ break;
+ }
 p = get_opt_value(NULL, 0, p);
 if (*p != ',') break;
 p++;
 }
- return 0;
+
+ qemu_free(name_buf);
+ return ret;
 }
 /***********************************************************/
@@ -2297,7 +2311,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque)
 "cache", "format", "serial", "werror", NULL };
- if (check_params(buf, sizeof(buf), params, str) < 0) {
+ if (check_params(params, str) < 0) {
 fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n", buf, str);
 return -1;
--
1.5.6.6
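Review bot: The unchanged `if (*p != '=') return -1;` inside the loop of check_params still returns directly, so the `name_buf` obtained from `qemu_malloc` is never released on that path; the patch converts only the unknown-parameter exit to `ret = -1; break;`. Handle it the same way, e.g. `if (*p != '=') { ret = -1; break; }`, so every exit passes through `qemu_free(name_buf)`. Separately, `name_buf` is sized to the longest valid name plus the terminator; if get_opt_name truncates the parsed name to the buffer size (its body is outside this hunk), an over-long unknown name whose leading bytes equal the longest valid name would compare equal and be accepted, so allocating one extra byte (`name_buf_size = len + 1`) would keep such input distinguishable.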
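Review bot: The error path in drive_init still passes `buf` to `fprintf` for the first `%s`, but `check_params(params, str)` no longer writes the rejected name into it, so the message prints whatever `buf` happens to hold. `buf` is declared outside this hunk; if it is an uninitialised local array at this point, the `%s` read has no guaranteed terminator and may run past the array. Print only the option string, e.g. `fprintf(stderr, "qemu: unknown parameter in '%s'\n", str);`, or have check_params report the offending name itself before it frees its buffer.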