From: Hanna Reitz <hreitz@redhat.com>
To: qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
Hanna Reitz <hreitz@redhat.com>,
qemu-devel@nongnu.org
Subject: [PULL 03/23] block/curl.c: Check error return from curl_easy_setopt()
Date: Mon, 7 Mar 2022 11:35:29 +0100 [thread overview]
Message-ID: <20220307103549.808809-4-hreitz@redhat.com> (raw)
In-Reply-To: <20220307103549.808809-1-hreitz@redhat.com>
From: Peter Maydell <peter.maydell@linaro.org>
Coverity points out that we aren't checking the return value
from curl_easy_setopt() for any of the calls to it we make
in block/curl.c.
Some of these options are documented as always succeeding (e.g.
CURLOPT_VERBOSE) but others have documented failure cases (e.g.
CURLOPT_URL). For consistency we check every call, even the ones
that theoretically cannot fail.
Fixes: Coverity CID 1459336, 1459482, 1460331
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220222152341.850419-3-peter.maydell@linaro.org>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
block/curl.c | 90 +++++++++++++++++++++++++++++++++-------------------
1 file changed, 57 insertions(+), 33 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 9516852971..1e0f609579 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -458,38 +458,51 @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
if (!state->curl) {
return -EIO;
}
- curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
- curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
- (long) s->sslverify);
- curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
- s->sslverify ? 2L : 0L);
+ if (curl_easy_setopt(state->curl, CURLOPT_URL, s->url) ||
+ curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
+ (long) s->sslverify) ||
+ curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
+ s->sslverify ? 2L : 0L)) {
+ goto err;
+ }
if (s->cookie) {
- curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
+ if (curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie)) {
+ goto err;
+ }
+ }
+ if (curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout) ||
+ curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
+ (void *)curl_read_cb) ||
+ curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state) ||
+ curl_easy_setopt(state->curl, CURLOPT_PRIVATE, (void *)state) ||
+ curl_easy_setopt(state->curl, CURLOPT_AUTOREFERER, 1) ||
+ curl_easy_setopt(state->curl, CURLOPT_FOLLOWLOCATION, 1) ||
+ curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1) ||
+ curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg) ||
+ curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1)) {
+ goto err;
}
- curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout);
- curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
- (void *)curl_read_cb);
- curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state);
- curl_easy_setopt(state->curl, CURLOPT_PRIVATE, (void *)state);
- curl_easy_setopt(state->curl, CURLOPT_AUTOREFERER, 1);
- curl_easy_setopt(state->curl, CURLOPT_FOLLOWLOCATION, 1);
- curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1);
- curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg);
- curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1);
-
if (s->username) {
- curl_easy_setopt(state->curl, CURLOPT_USERNAME, s->username);
+ if (curl_easy_setopt(state->curl, CURLOPT_USERNAME, s->username)) {
+ goto err;
+ }
}
if (s->password) {
- curl_easy_setopt(state->curl, CURLOPT_PASSWORD, s->password);
+ if (curl_easy_setopt(state->curl, CURLOPT_PASSWORD, s->password)) {
+ goto err;
+ }
}
if (s->proxyusername) {
- curl_easy_setopt(state->curl,
- CURLOPT_PROXYUSERNAME, s->proxyusername);
+ if (curl_easy_setopt(state->curl,
+ CURLOPT_PROXYUSERNAME, s->proxyusername)) {
+ goto err;
+ }
}
if (s->proxypassword) {
- curl_easy_setopt(state->curl,
- CURLOPT_PROXYPASSWORD, s->proxypassword);
+ if (curl_easy_setopt(state->curl,
+ CURLOPT_PROXYPASSWORD, s->proxypassword)) {
+ goto err;
+ }
}
/* Restrict supported protocols to avoid security issues in the more
@@ -499,18 +512,27 @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
* Restricting protocols is only supported from 7.19.4 upwards.
*/
#if LIBCURL_VERSION_NUM >= 0x071304
- curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS);
- curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS);
+ if (curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS) ||
+ curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS)) {
+ goto err;
+ }
#endif
#ifdef DEBUG_VERBOSE
- curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1);
+ if (curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1)) {
+ goto err;
+ }
#endif
}
state->s = s;
return 0;
+
+err:
+ curl_easy_cleanup(state->curl);
+ state->curl = NULL;
+ return -EIO;
}
/* Called with s->mutex held. */
@@ -765,10 +787,13 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
}
s->accept_range = false;
- curl_easy_setopt(state->curl, CURLOPT_NOBODY, 1);
- curl_easy_setopt(state->curl, CURLOPT_HEADERFUNCTION,
- curl_header_cb);
- curl_easy_setopt(state->curl, CURLOPT_HEADERDATA, s);
+ if (curl_easy_setopt(state->curl, CURLOPT_NOBODY, 1) ||
+ curl_easy_setopt(state->curl, CURLOPT_HEADERFUNCTION, curl_header_cb) ||
+ curl_easy_setopt(state->curl, CURLOPT_HEADERDATA, s)) {
+ pstrcpy(state->errmsg, CURL_ERROR_SIZE,
+ "curl library initialization failed.");
+ goto out;
+ }
if (curl_easy_perform(state->curl))
goto out;
if (curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &d)) {
@@ -881,9 +906,8 @@ static void curl_setup_preadv(BlockDriverState *bs, CURLAIOCB *acb)
snprintf(state->range, 127, "%" PRIu64 "-%" PRIu64, start, end);
trace_curl_setup_preadv(acb->bytes, start, state->range);
- curl_easy_setopt(state->curl, CURLOPT_RANGE, state->range);
-
- if (curl_multi_add_handle(s->multi, state->curl) != CURLM_OK) {
+ if (curl_easy_setopt(state->curl, CURLOPT_RANGE, state->range) ||
+ curl_multi_add_handle(s->multi, state->curl) != CURLM_OK) {
state->acb[0] = NULL;
acb->ret = -EIO;
--
2.34.1
next prev parent reply other threads:[~2022-03-07 11:10 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-07 10:35 [PULL 00/23] Block patches Hanna Reitz
2022-03-07 10:35 ` [PULL 01/23] ide: Increment BB in-flight counter for TRIM BH Hanna Reitz
2022-03-07 10:35 ` [PULL 02/23] block/curl.c: Set error message string if curl_init_state() fails Hanna Reitz
2022-03-07 10:35 ` Hanna Reitz [this message]
2022-03-07 10:35 ` [PULL 04/23] block: fix preallocate filter: don't do unaligned preallocate requests Hanna Reitz
2022-03-07 10:35 ` [PULL 05/23] tests/qemu-iotests/040: Skip TestCommitWithFilters without 'throttle' Hanna Reitz
2022-03-07 10:35 ` [PULL 06/23] tests/qemu-iotests/testrunner: Quote "case not run" lines in TAP mode Hanna Reitz
2022-03-07 10:35 ` [PULL 07/23] iotests: Write test output to TEST_DIR Hanna Reitz
2022-03-07 10:35 ` [PULL 08/23] block/block-copy: move copy_bitmap initialization to block_copy_state_new() Hanna Reitz
2022-03-07 10:35 ` [PULL 09/23] block/dirty-bitmap: bdrv_merge_dirty_bitmap(): add return value Hanna Reitz
2022-03-07 10:35 ` [PULL 10/23] block/block-copy: block_copy_state_new(): add bitmap parameter Hanna Reitz
2022-03-07 10:35 ` [PULL 11/23] block/copy-before-write: add bitmap open parameter Hanna Reitz
2022-03-07 10:35 ` [PULL 12/23] block/block-copy: add block_copy_reset() Hanna Reitz
2022-03-07 10:35 ` [PULL 13/23] block: intoduce reqlist Hanna Reitz
2022-03-07 10:35 ` [PULL 14/23] block/reqlist: reqlist_find_conflict(): use ranges_overlap() Hanna Reitz
2022-03-07 10:35 ` [PULL 15/23] block/dirty-bitmap: introduce bdrv_dirty_bitmap_status() Hanna Reitz
2022-03-07 10:35 ` [PULL 16/23] block/reqlist: add reqlist_wait_all() Hanna Reitz
2022-03-07 10:35 ` [PULL 17/23] block/io: introduce block driver snapshot-access API Hanna Reitz
2022-03-07 10:35 ` [PULL 18/23] block: introduce snapshot-access block driver Hanna Reitz
2022-03-07 10:35 ` [PULL 19/23] block: copy-before-write: realize snapshot-access API Hanna Reitz
2022-03-07 10:35 ` [PULL 20/23] iotests/image-fleecing: add test-case for fleecing format node Hanna Reitz
2022-03-07 10:35 ` [PULL 21/23] iotests.py: add qemu_io_pipe_and_status() Hanna Reitz
2022-03-07 10:35 ` [PULL 22/23] iotests/image-fleecing: add test case with bitmap Hanna Reitz
2022-03-07 10:35 ` [PULL 23/23] iotests/image-fleecing: test push backup with fleecing Hanna Reitz
2022-03-07 19:07 ` [PULL 00/23] Block patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220307103549.808809-4-hreitz@redhat.com \
--to=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).