From: Greg Kurz <groug@kaod.org>
To: Christian Schoenebeck <qemu_oss@crudebyte.com>
Cc: Peter Maydell <peter.maydell@linaro.org>, qemu-devel@nongnu.org
Subject: Re: [PATCH] 9pfs/proxy: Check return value of proxy_marshal()
Date: Thu, 14 Jan 2021 15:32:30 +0100 [thread overview]
Message-ID: <20210114153230.79a6b7af@bahia.lan> (raw)
In-Reply-To: <2260349.uzTyekElz3@silver>
On Mon, 11 Jan 2021 14:15:17 +0100
Christian Schoenebeck <qemu_oss@crudebyte.com> wrote:
> On Montag, 11. Januar 2021 10:49:56 CET Greg Kurz wrote:
> > This should always successfully write exactly two 32-bit integers.
> > Make it clear with an assert(), like v9fs_receive_status() and
> > v9fs_receive_response() already do when unmarshalling the same
> > header.
> >
> > Fixes: Coverity CID 1438968
> > Signed-off-by: Greg Kurz <groug@kaod.org>
>
> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
>
> What's your workload Greg, are you able to push this through your queue?
>
I'll take care of the security issue first, likely later today or tomorrow.
It is generally recommended to have separate PRs for CVEs, in order to
ease the backport effort of downstream vendors.
No hurry for this patch though. It isn't even a bug fix : we really can't
get an error at this point since previous calls to proxy_marshal() in this
function obviously succeeded at writing stuff at higher offsets... So this
is really a cosmetic only change to make Coverity happy.
I might be able to send a PR with this next week or the week after I guess.
> It's time that I signup for coverity. I'm doing that now before I forget it
> again.
>
> > ---
> > hw/9pfs/9p-proxy.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
> > index 6f598a0f111c..4aa4e0a3baa0 100644
> > --- a/hw/9pfs/9p-proxy.c
> > +++ b/hw/9pfs/9p-proxy.c
> > @@ -537,7 +537,8 @@ static int v9fs_request(V9fsProxy *proxy, int type, void
> > *response, ...) }
> >
> > /* marshal the header details */
> > - proxy_marshal(iovec, 0, "dd", header.type, header.size);
> > + retval = proxy_marshal(iovec, 0, "dd", header.type, header.size);
> > + assert(retval == 4 * 2);
> > header.size += PROXY_HDR_SZ;
> >
> > retval = qemu_write_full(proxy->sockfd, iovec->iov_base, header.size);
>
> Best regards,
> Christian Schoenebeck
>
>
next prev parent reply other threads:[~2021-01-14 14:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-11 9:49 [PATCH] 9pfs/proxy: Check return value of proxy_marshal() Greg Kurz
2021-01-11 13:15 ` Christian Schoenebeck via
2021-01-14 14:32 ` Greg Kurz [this message]
2021-01-21 17:04 ` Greg Kurz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210114153230.79a6b7af@bahia.lan \
--to=groug@kaod.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu_oss@crudebyte.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).