From: Max Reitz <mreitz@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 11/25] qemu-nbd: Fix and improve input verification
Date: Mon, 16 Mar 2015 09:56:35 -0400 [thread overview]
Message-ID: <5506E113.50908@redhat.com> (raw)
In-Reply-To: <55002750.6000008@redhat.com>
On 2015-03-11 at 07:30, Paolo Bonzini wrote:
>
> On 25/02/2015 19:08, Max Reitz wrote:
>> This patch makes sure the result of strtol() does not overflow (by
>> storing it in long integers instead of plain integers, and by checking
>> errno), allows the user to specify "--discard on" and
>> "--detect-zeroes unmap" in any order and strips the trailing \n from two
>> error messages.
>>
>> Signed-off-by: Max Reitz <mreitz@redhat.com>
>> ---
>> qemu-nbd.c | 40 +++++++++++++++++++++++++++-------------
>> 1 file changed, 27 insertions(+), 13 deletions(-)
> Let's introduce a general purpose utility instead of duplicating the
> checks in every strto* caller.
>
> For example, you can ensure that errno is checked and, if NULL is
> passed as the second argument, that the whole string is a number.
> Something like this:
>
> int qemu_strtol(const char *name, const char **next, int base, long *result)
> {
> char *p;
> errno = 0;
> *result = strtol(name, &p, base);
> if (!next && *p) {
> return -EINVAL;
> }
> if (next) {
> *next = p;
> }
> return -errno;
> }
I was afraid you might say this... Will do.
Thank you for reviewing!
Max
> Paolo
>
>> diff --git a/qemu-nbd.c b/qemu-nbd.c
>> index fd1e0c8..7376a35 100644
>> --- a/qemu-nbd.c
>> +++ b/qemu-nbd.c
>> @@ -51,7 +51,7 @@ static char *srcpath;
>> static char *sockpath;
>> static int persistent = 0;
>> static enum { RUNNING, TERMINATE, TERMINATING, TERMINATED } state;
>> -static int shared = 1;
>> +static long shared = 1;
>> static int nb_fds;
>>
>> static void usage(const char *name)
>> @@ -432,10 +432,10 @@ int main(int argc, char **argv)
>> };
>> int ch;
>> int opt_ind = 0;
>> - int li;
>> + long li;
>> char *end;
>> int flags = BDRV_O_RDWR;
>> - int partition = -1;
>> + long partition = -1;
>> int ret = 0;
>> int fd;
>> bool seen_cache = false;
>> @@ -510,11 +510,6 @@ int main(int argc, char **argv)
>> errx(EXIT_FAILURE, "Failed to parse detect_zeroes mode: %s",
>> error_get_pretty(local_err));
>> }
>> - if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
>> - !(flags & BDRV_O_UNMAP)) {
>> - errx(EXIT_FAILURE, "setting detect-zeroes to unmap is not allowed "
>> - "without setting discard operation to unmap");
>> - }
>> break;
>> case 'b':
>> bindto = optarg;
>> @@ -530,13 +525,17 @@ int main(int argc, char **argv)
>> port = (uint16_t)li;
>> break;
>> case 'o':
>> - dev_offset = strtoll (optarg, &end, 0);
>> + errno = 0;
>> + dev_offset = strtoll(optarg, &end, 0);
>> if (*end) {
>> errx(EXIT_FAILURE, "Invalid offset `%s'", optarg);
>> }
>> if (dev_offset < 0) {
>> errx(EXIT_FAILURE, "Offset must be positive `%s'", optarg);
>> }
>> + if (errno) {
>> + err(EXIT_FAILURE, "Invalid offset `%s'", optarg);
>> + }
>> break;
>> case 'l':
>> if (strstart(optarg, SNAPSHOT_OPT_BASE, NULL)) {
>> @@ -559,13 +558,13 @@ int main(int argc, char **argv)
>> errx(EXIT_FAILURE, "Invalid partition `%s'", optarg);
>> }
>> if (partition < 1 || partition > 8) {
>> - errx(EXIT_FAILURE, "Invalid partition %d", partition);
>> + errx(EXIT_FAILURE, "Invalid partition %s", optarg);
>> }
>> break;
>> case 'k':
>> sockpath = optarg;
>> if (sockpath[0] != '/') {
>> - errx(EXIT_FAILURE, "socket path must be absolute\n");
>> + errx(EXIT_FAILURE, "socket path must be absolute");
>> }
>> break;
>> case 'd':
>> @@ -580,7 +579,12 @@ int main(int argc, char **argv)
>> errx(EXIT_FAILURE, "Invalid shared device number '%s'", optarg);
>> }
>> if (shared < 1) {
>> - errx(EXIT_FAILURE, "Shared device number must be greater than 0\n");
>> + errx(EXIT_FAILURE,
>> + "Shared device number must be greater than 0");
>> + }
>> + if (shared >= INT_MAX) {
>> + errx(EXIT_FAILURE,
>> + "Shared device number must be less than %i", INT_MAX);
>> }
>> break;
>> case 'f':
>> @@ -606,6 +610,12 @@ int main(int argc, char **argv)
>> }
>> }
>>
>> + if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
>> + !(flags & BDRV_O_UNMAP)) {
>> + errx(EXIT_FAILURE, "Setting detect-zeroes to unmap is not allowed "
>> + "without setting discard operation to unmap");
>> + }
>> +
>> if ((argc - optind) != 1) {
>> errx(EXIT_FAILURE, "Invalid number of argument.\n"
>> "Try `%s --help' for more information.",
>> @@ -730,10 +740,14 @@ int main(int argc, char **argv)
>> }
>>
>> if (partition != -1) {
>> + if (dev_offset) {
>> + errx(EXIT_FAILURE, "Cannot use both -o and -P at the same time");
>> + }
>> +
>> ret = find_partition(blk, partition, &dev_offset, &fd_size);
>> if (ret < 0) {
>> errno = -ret;
>> - err(EXIT_FAILURE, "Could not find partition %d", partition);
>> + err(EXIT_FAILURE, "Could not find partition %ld", partition);
>> }
>> }
>>
>>
next prev parent reply other threads:[~2015-03-16 13:56 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-25 18:08 [Qemu-devel] [PATCH 00/25] nbd: Several fixes Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 01/25] util/uri: Add overflow check to rfc3986_parse_port Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 02/25] qemu-nbd: Detect unused partitions by system == 0 Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 03/25] nbd: Fix nbd_establish_connection()'s return value Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 04/25] nbd: Fix response to invalid requests Max Reitz
2015-03-02 16:52 ` Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 05/25] nbd: Avoid generic -EINVAL Max Reitz
2015-03-11 11:22 ` Paolo Bonzini
2015-03-16 13:51 ` Max Reitz
2015-03-16 14:42 ` Paolo Bonzini
2015-03-16 14:48 ` Max Reitz
2015-03-16 14:49 ` Paolo Bonzini
2015-02-25 18:08 ` [Qemu-devel] [PATCH 06/25] nbd: Pass return value from nbd_handle_list() Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 07/25] nbd: Add "failed to open export" error message Max Reitz
2015-03-11 11:24 ` Paolo Bonzini
2015-03-16 13:55 ` Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 08/25] nbd: Handle blk_getlength() failure Max Reitz
2015-03-11 11:26 ` Paolo Bonzini
2015-02-25 18:08 ` [Qemu-devel] [PATCH 09/25] qemu-nbd: fork() can fail Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 10/25] nbd: Fix potential signed overflow issues Max Reitz
2015-03-11 11:28 ` Paolo Bonzini
2015-02-25 18:08 ` [Qemu-devel] [PATCH 11/25] qemu-nbd: Fix and improve input verification Max Reitz
2015-03-11 11:30 ` Paolo Bonzini
2015-03-16 13:56 ` Max Reitz [this message]
2015-02-25 18:08 ` [Qemu-devel] [PATCH 12/25] nbd: Set block size to BDRV_SECTOR_SIZE Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 13/25] nbd: Enforce sector alignment Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 14/25] coroutine: Add co_yield_timeout() Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 15/25] coroutine-io: Return -errno in case of error Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 16/25] coroutine-io: Add I/O functions with timeout Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 17/25] nbd: Employ timeouts Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 18/25] nbd: Fix nbd_receive_options() Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 19/25] nbd: Fix interpretation of the export flags Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 20/25] block/nbd: Comment on discard/flush silently failing Max Reitz
2015-03-11 11:31 ` Paolo Bonzini
2015-03-16 13:58 ` Max Reitz
2015-03-16 14:44 ` Paolo Bonzini
2015-03-16 14:49 ` Max Reitz
2015-03-16 14:51 ` Paolo Bonzini
2015-03-16 14:52 ` Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 21/25] nbd: Drop unexpected data for NBD_OPT_LIST Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 22/25] iotests: Add _timeout function Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 23/25] iotests: Add test for invalid qemu-nbd parameters Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 24/25] iotests: Add test for issuing discard over NBD Max Reitz
2015-02-25 18:08 ` [Qemu-devel] [PATCH 25/25] iotests: Add test for a non-existing NBD export Max Reitz
2015-02-25 18:11 ` [Qemu-devel] [PATCH 00/25] nbd: Several fixes Max Reitz
2015-03-11 11:36 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5506E113.50908@redhat.com \
--to=mreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).