From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49048) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XfSrT-00065k-R7 for qemu-devel@nongnu.org; Sat, 18 Oct 2014 08:12:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XfSrJ-0004P3-Ab for qemu-devel@nongnu.org; Sat, 18 Oct 2014 08:11:55 -0400 Received: from mx1.redhat.com ([209.132.183.28]:24012) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XfSrJ-0004Oz-1a for qemu-devel@nongnu.org; Sat, 18 Oct 2014 08:11:45 -0400 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s9ICBiZN028192 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 18 Oct 2014 08:11:44 -0400 From: "Richard W.M. Jones" Date: Sat, 18 Oct 2014 13:11:34 +0100 Message-Id: <1413634294-31199-2-git-send-email-rjones@redhat.com> In-Reply-To: <1413634294-31199-1-git-send-email-rjones@redhat.com> References: <1413634294-31199-1-git-send-email-rjones@redhat.com> Subject: [Qemu-devel] [PATCH v1 repost] block/curl: Improve type safety of s->timeout. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: kwolf@redhat.com, lersek@redhat.com, stefanha@redhat.com qemu_opt_get_number returns a uint64_t, and curl_easy_setopt expects a long (not an int). Store the timeout (which is a positive number of seconds) as a uint64_t. Check that the number given by the user is reasonable. Cast it to long before calling curl_easy_setopt. Example error message after this change has been applied: $ ./qemu-img create -f qcow2 /tmp/test.qcow2 \ -b 'json: { "file.driver":"https", "file.url":"https://foo/bar", "file.timeout":-1 }' qemu-img: /tmp/test.qcow2: Could not open 'json: { "file.driver":"https", "file.url":"https://foo/bar", "file.timeout":-1 }': timeout parameter is too large or negative: Invalid argument Signed-off-by: Richard W.M. Jones Reviewed-by: Laszlo Ersek --- block/curl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/block/curl.c b/block/curl.c index 225407c..5233ff6 100644 --- a/block/curl.c +++ b/block/curl.c @@ -112,7 +112,7 @@ typedef struct BDRVCURLState { char *url; size_t readahead_size; bool sslverify; - int timeout; + uint64_t timeout; char *cookie; bool accept_range; AioContext *aio_context; @@ -390,7 +390,7 @@ static CURLState *curl_init_state(BlockDriverState *bs, BDRVCURLState *s) if (s->cookie) { curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie); } - curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout); + curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout); curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION, (void *)curl_read_cb); curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state); @@ -546,6 +546,10 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags, s->timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT, CURL_TIMEOUT_DEFAULT); + if (s->timeout > 100000) { + error_setg(errp, "timeout parameter is too large or negative"); + goto out_noclean; + } s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true); -- 2.0.4