From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, kwolf@redhat.com,
mitake.hitoshi@lab.ntt.co.jp, namei.unix@gmail.com,
jcody@redhat.com
Subject: [Qemu-devel] [PATCH 05/15] sheepdog: Fix snapshot ID parsing in _open(), _create, _goto()
Date: Thu, 2 Mar 2017 22:43:56 +0100
Message-ID: <1488491046-2549-6-git-send-email-armbru@redhat.com>
In-Reply-To: <1488491046-2549-1-git-send-email-armbru@redhat.com>

sd_parse_uri() and sd_snapshot_goto() screw up error checking after
strtoul(), and truncate long tag names silently. Fix by replacing
those parts by new sd_parse_snapid_or_tag(), which checks more
carefully.

sd_snapshot_delete() also parses snapshot IDs, but is currently too
broken for me to touch. Mark TODO.

Two calls of strtol() without error checking remain in
parse_redundancy(). Mark them FIXME.

More silent truncation of configuration strings remains elsewhere.
Not marked.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
block/sheepdog.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 55 insertions(+), 11 deletions(-)
diff --git a/block/sheepdog.c b/block/sheepdog.c
index 5554f47..deb110e 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -914,6 +914,49 @@ static int get_sheep_fd(BDRVSheepdogState *s, Error **errp)
return fd;
}
+/*
+ * Parse numeric snapshot ID in @str
+ * If @str can't be parsed as number, return false.
+ * Else, if the number is zero or too large, set *@snapid to zero and
+ * return true.
+ * Else, set *@snapid to the number and return true.
+ */
+static bool sd_parse_snapid(const char *str, uint32_t *snapid)
+{
+ unsigned long ul;
+ int ret;
+
+ ret = qemu_strtoul(str, NULL, 10, &ul);
+ if (ret == -ERANGE) {
+ ul = ret = 0;
+ }
+ if (ret) {
+ return false;
+ }
+ if (ul > UINT32_MAX) {
+ ul = 0;
+ }
+
+ *snapid = ul;
+ return true;
+}
+
+static bool sd_parse_snapid_or_tag(const char *str,
+ uint32_t *snapid, char tag[])
+{
+ if (!sd_parse_snapid(str, snapid)) {
+ *snapid = 0;
+ if (g_strlcpy(tag, str, SD_MAX_VDI_TAG_LEN) >= SD_MAX_VDI_TAG_LEN) {
+ return false;
+ }
+ } else if (!*snapid) {
+ return false;
+ } else {
+ tag[0] = 0;
+ }
+ return true;
+}
+
static int sd_parse_uri(BDRVSheepdogState *s, const char *filename,
char *vdi, uint32_t *snapid, char *tag)
{
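Review bot: sd_parse_snapid_or_tag() has no contract comment, unlike sd_parse_snapid() just above it, and its `char tag[]` parameter hides the size requirement. Callers have to read the body to learn that the buffer must hold SD_MAX_VDI_TAG_LEN bytes, that false is returned both for a numeric ID that is zero or too large and for a tag that does not fit, and that on success either *snapid is non-zero with an empty tag or *snapid is zero with the tag copied. Please add a comment stating that. On the too-long-tag failure path, tag has already been filled with a truncated copy; either document that or clear it before returning false, so a caller that ignores the return value does not go on to use the shortened name.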
@@ -965,9 +1008,9 @@ static int sd_parse_uri(BDRVSheepdogState *s, const char *filename,
/* snapshot tag */
if (uri->fragment) {
- *snapid = strtoul(uri->fragment, NULL, 10);
- if (*snapid == 0) {
- pstrcpy(tag, SD_MAX_VDI_TAG_LEN, uri->fragment);
+ if (!sd_parse_snapid_or_tag(uri->fragment, snapid, tag)) {
+ ret = -EINVAL;
+ goto out;
}
} else {
*snapid = CURRENT_VDI_ID; /* search current vdi */
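Review bot: a fragment that parses as the number zero changes behaviour here, and the commit message does not say so. The removed lines fell through to pstrcpy() when `*snapid == 0`, so such a fragment was used as a tag; the new helper returns false for `!*snapid` and the open now fails with -EINVAL. If rejecting it is intended, mention it in the commit message next to the truncation fix. The `/* snapshot tag */` comment could also say that the fragment is either an ID or a tag.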
@@ -1686,6 +1729,7 @@ static int parse_redundancy(BDRVSheepdogState *s, const char *opt)
}
copy = strtol(n1, NULL, 10);
+ /* FIXME fix error checking by switching to qemu_strtol() */
if (copy > SD_MAX_COPIES || copy < 1) {
return -EINVAL;
}
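Review bot: the FIXME sits after the strtol() call it is about and does not say what is unchecked. With a NULL end pointer, `strtol(n1, NULL, 10)` accepts trailing characters after the digits, while input with no digits yields 0 and is already rejected by `copy < 1`. Move the comment above the call and name the gap (trailing garbage, out-of-range values). The same applies to the parity FIXME in the next hunk.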
@@ -1700,6 +1744,7 @@ static int parse_redundancy(BDRVSheepdogState *s, const char *opt)
}
parity = strtol(n2, NULL, 10);
+ /* FIXME fix error checking by switching to qemu_strtol() */
if (parity >= SD_EC_MAX_STRIP || parity < 1) {
return -EINVAL;
}
@@ -2366,19 +2411,16 @@ static int sd_snapshot_goto(BlockDriverState *bs, const char *snapshot_id)
BDRVSheepdogState *old_s;
char tag[SD_MAX_VDI_TAG_LEN];
uint32_t snapid = 0;
- int ret = 0;
+ int ret;
+
+ if (!sd_parse_snapid_or_tag(snapshot_id, &snapid, tag)) {
+ return -EINVAL;
+ }
old_s = g_new(BDRVSheepdogState, 1);
memcpy(old_s, s, sizeof(BDRVSheepdogState));
- snapid = strtoul(snapshot_id, NULL, 10);
- if (snapid) {
- tag[0] = 0;
- } else {
- pstrcpy(tag, sizeof(tag), snapshot_id);
- }
-
ret = reload_inode(s, snapid, tag);
if (ret) {
goto out;
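Review bot: `uint32_t snapid = 0;` keeps an initializer that is now dead, since sd_parse_snapid_or_tag() stores to *snapid on every path; the patch drops the matching `ret = 0` but leaves this one. Drop it for consistency. Doing the parse before g_new() is the right order, since the early `return -EINVAL` then has nothing to free.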
@@ -2483,6 +2525,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
memset(buf, 0, sizeof(buf));
memset(snap_tag, 0, sizeof(snap_tag));
pstrcpy(buf, SD_MAX_VDI_LEN, s->name);
+ /* TODO Use sd_parse_snapid() once this mess is cleaned up */
ret = qemu_strtoul(snapshot_id, NULL, 10, &snap_id);
if (ret || snap_id > UINT32_MAX) {
/*
@@ -2499,6 +2542,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
hdr.snapid = (uint32_t) snap_id;
} else {
/* FIXME I suspect we should use @name here */
+ /* FIXME don't truncate silently */
pstrcpy(snap_tag, sizeof(snap_tag), snapshot_id);
pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, snap_tag);
}
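Review bot: the new FIXME at the pstrcpy() into snap_tag names the problem but not the fix this patch already introduces elsewhere. sd_parse_snapid_or_tag() detects an over-long tag with `g_strlcpy(tag, str, SD_MAX_VDI_TAG_LEN) >= SD_MAX_VDI_TAG_LEN`; pointing the comment at that check would keep the eventual cleanup consistent with _open() and _goto(). Until then this path still truncates silently, so the delete request is built from a shortened tag rather than the one the caller passed.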
--
2.7.4