* [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables
From: Markus Armbruster @ 2011-10-31 16:11 UTC
To: qemu-devel; +Cc: aliguori

Compile-tested only, buyer beware.

Markus Armbruster (2):
  net: socket backend passes junk size to getsockname(), fix
  net: socket backend shows junk in "info network", fix

 net/socket.c | 14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)

--
1.7.6.4

* [Qemu-devel] [PATCH 1/2] net: socket backend passes junk size to getsockname(), fix 2011-10-31 16:11 [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables Markus Armbruster @ 2011-10-31 16:11 ` Markus Armbruster 2011-10-31 16:11 ` [Qemu-devel] [PATCH 2/2] net: socket backend shows junk in "info network", fix Markus Armbruster 2011-11-11 9:36 ` [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables Markus Armbruster 2 siblings, 0 replies; 6+ messages in thread From: Markus Armbruster @ 2011-10-31 16:11 UTC (permalink / raw) To: qemu-devel; +Cc: aliguori net_socket_fd_init_dgram() passes an uninitialized address length to getsockname(). I guess this happens to work as long as the junk value is at least sizeof(sockaddr_in). Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> --- net/socket.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/socket.c b/net/socket.c index e9ef128..eb3e0d6 100644 --- a/net/socket.c +++ b/net/socket.c @@ -260,6 +260,7 @@ static NetSocketState *net_socket_fd_init_dgram(VLANState *vlan, */ if (is_connected) { + saddr_len = sizeof(saddr); if (getsockname(fd, (struct sockaddr *) &saddr, &saddr_len) == 0) { /* must be bound */ if (saddr.sin_addr.s_addr==0) { -- 1.7.6.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
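
Review bot: after the added `saddr_len = sizeof(saddr);`, the `getsockname()` success branch still reads `saddr.sin_addr.s_addr` without checking what actually came back. getsockname() succeeds on any socket type, so for an fd that is not AF_INET the structure holds a different address family or is only partly filled. Suggest checking `saddr.sin_family == AF_INET` and `saddr_len >= sizeof(saddr)` before the "must be bound" test. Setting the length where `saddr_len` is declared, rather than only inside this branch, would also protect any later use of the variable.
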
* [Qemu-devel] [PATCH 2/2] net: socket backend shows junk in "info network", fix 2011-10-31 16:11 [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables Markus Armbruster 2011-10-31 16:11 ` [Qemu-devel] [PATCH 1/2] net: socket backend passes junk size to getsockname(), fix Markus Armbruster @ 2011-10-31 16:11 ` Markus Armbruster 2011-11-11 9:36 ` [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables Markus Armbruster 2 siblings, 0 replies; 6+ messages in thread From: Markus Armbruster @ 2011-10-31 16:11 UTC (permalink / raw) To: qemu-devel; +Cc: aliguori net_socket_fd_init_dgram() prints uninitialized saddr into nc->info_str. Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> --- net/socket.c | 13 +++++++++---- 1 files changed, 9 insertions(+), 4 deletions(-) diff --git a/net/socket.c b/net/socket.c index eb3e0d6..42bbae4 100644 --- a/net/socket.c +++ b/net/socket.c @@ -288,10 +288,15 @@ static NetSocketState *net_socket_fd_init_dgram(VLANState *vlan, nc = qemu_new_net_client(&net_dgram_socket_info, vlan, NULL, model, name); - snprintf(nc->info_str, sizeof(nc->info_str), - "socket: fd=%d (%s mcast=%s:%d)", - fd, is_connected ? "cloned" : "", - inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port)); + if (is_connected) { + snprintf(nc->info_str, sizeof(nc->info_str), + "socket: fd=%d (cloned mcast=%s:%d)", + fd, inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port)); + } else { + snprintf(nc->info_str, sizeof(nc->info_str), + "socket: fd=%d", + fd); + } s = DO_UPCAST(NetSocketState, nc, nc); -- 1.7.6.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
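
Review bot: in the new `if (is_connected)` branch, `inet_ntoa(saddr.sin_addr)` and `ntohs(saddr.sin_port)` are only meaningful if the earlier `getsockname()` call succeeded, and the hunk does not show that every failure path returns before `qemu_new_net_client()`. Please confirm that, or zero-initialise `saddr` at its declaration so `info_str` can never carry stack contents into the "info network" output. The commit message should also mention that the unconnected case used to print `( mcast=...)` and now prints only `socket: fd=%d`, since that changes the monitor output for anything that parses it.
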
* Re: [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables
From: Markus Armbruster @ 2011-11-11 9:36 UTC
To: qemu-devel; +Cc: aliguori

Ping?

Markus Armbruster <armbru@redhat.com> writes:

> Compile-tested only, buyer beware.
>
> Markus Armbruster (2):
>   net: socket backend passes junk size to getsockname(), fix
>   net: socket backend shows junk in "info network", fix
>
>  net/socket.c | 14 ++++++++++----
>  1 files changed, 10 insertions(+), 4 deletions(-)

* Re: [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables
From: Anthony Liguori @ 2011-11-11 13:39 UTC
To: Markus Armbruster; +Cc: qemu-devel

On 11/11/2011 03:36 AM, Markus Armbruster wrote:
> Ping?

I assumed "Compile-tested only, buyer beware." was code for, I'll test the patches later and post to the ML ;-)

Regards,

Anthony Liguori

>
> Markus Armbruster <armbru@redhat.com> writes:
>
>> Compile-tested only, buyer beware.
>>
>> Markus Armbruster (2):
>>   net: socket backend passes junk size to getsockname(), fix
>>   net: socket backend shows junk in "info network", fix
>>
>>  net/socket.c | 14 ++++++++++----
>>  1 files changed, 10 insertions(+), 4 deletions(-)

* Re: [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables
From: Markus Armbruster @ 2011-11-16 7:40 UTC
To: Anthony Liguori; +Cc: qemu-devel

Anthony Liguori <aliguori@us.ibm.com> writes:

> On 11/11/2011 03:36 AM, Markus Armbruster wrote:
>> Ping?
>
> I assumed "Compile-tested only, buyer beware." was code for, I'll test
> the patches later and post to the ML ;-)

Actually, it was "I've never used this network backend, and can't be bothered to try it now, but maybe someone who is using it would like to pick up the patches" ;-P

By the time I understood Coverity's reports, the fixes were obvious, so I posted them. I'm happy to shelve them until they get in the way of Coverity scanning. Which I don't expect to happen before another >500 reports have been taken care of.