Commit ffad4116 authored by Jan Kiszka's avatar Jan Kiszka Committed by Anthony Liguori

net: Fix -net socket parameter checks



My commit ea053add broke -net socket by
overwriting an intermediate buffer in the added check_params. Fix this
by switching check_params to automatic buffer allocation and release, i.e.
callers no longer have to worry about providing a scratch buffer.

Signed-off-by: default avatarJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
parent 6f0437e8
+10 −10
@@ -1791,7 +1791,7 @@ int net_client_init(const char *device, const char *p)
        uint8_t *macaddr;
        int idx = nic_get_free_idx();

        if (check_params(buf, sizeof(buf), nic_params, p) < 0) {
        if (check_params(nic_params, p) < 0) {
            fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                    buf, p);
            return -1;
@@ -1842,7 +1842,7 @@ int net_client_init(const char *device, const char *p)
        static const char * const slirp_params[] = {
            "vlan", "name", "hostname", "restrict", "ip", NULL
        };
        if (check_params(buf, sizeof(buf), slirp_params, p) < 0) {
        if (check_params(slirp_params, p) < 0) {
            fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                    buf, p);
            return -1;
@@ -1893,7 +1893,7 @@ int net_client_init(const char *device, const char *p)
        };
        char ifname[64];

        if (check_params(buf, sizeof(buf), tap_params, p) < 0) {
        if (check_params(tap_params, p) < 0) {
            fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                    buf, p);
            return -1;
@@ -1914,7 +1914,7 @@ int net_client_init(const char *device, const char *p)
        int fd;
        vlan->nb_host_devs++;
        if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
            if (check_params(buf, sizeof(buf), fd_params, p) < 0) {
            if (check_params(fd_params, p) < 0) {
                fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                        buf, p);
                return -1;
@@ -1927,7 +1927,7 @@ int net_client_init(const char *device, const char *p)
            static const char * const tap_params[] = {
                "vlan", "name", "ifname", "script", "downscript", NULL
            };
            if (check_params(buf, sizeof(buf), tap_params, p) < 0) {
            if (check_params(tap_params, p) < 0) {
                fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                        buf, p);
                return -1;
@@ -1948,7 +1948,7 @@ int net_client_init(const char *device, const char *p)
    if (!strcmp(device, "socket")) {
        if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
            int fd;
            if (check_params(buf, sizeof(buf), fd_params, p) < 0) {
            if (check_params(fd_params, p) < 0) {
                fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                        buf, p);
                return -1;
@@ -1961,7 +1961,7 @@ int net_client_init(const char *device, const char *p)
            static const char * const listen_params[] = {
                "vlan", "name", "listen", NULL
            };
            if (check_params(buf, sizeof(buf), listen_params, p) < 0) {
            if (check_params(listen_params, p) < 0) {
                fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                        buf, p);
                return -1;
@@ -1971,7 +1971,7 @@ int net_client_init(const char *device, const char *p)
            static const char * const connect_params[] = {
                "vlan", "name", "connect", NULL
            };
            if (check_params(buf, sizeof(buf), connect_params, p) < 0) {
            if (check_params(connect_params, p) < 0) {
                fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                        buf, p);
                return -1;
@@ -1981,7 +1981,7 @@ int net_client_init(const char *device, const char *p)
            static const char * const mcast_params[] = {
                "vlan", "name", "mcast", NULL
            };
            if (check_params(buf, sizeof(buf), mcast_params, p) < 0) {
            if (check_params(mcast_params, p) < 0) {
                fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                        buf, p);
                return -1;
@@ -2002,7 +2002,7 @@ int net_client_init(const char *device, const char *p)
        char vde_sock[1024], vde_group[512];
	int vde_port, vde_mode;

        if (check_params(buf, sizeof(buf), vde_params, p) < 0) {
        if (check_params(vde_params, p) < 0) {
            fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n",
                    buf, p);
            return -1;
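Review bot: Every error path in these net_client_init hunks still prints `buf` as the invalid parameter, but the new `check_params(params, p)` no longer stores the rejected name anywhere the caller can read it. In the two `fd` branches `buf` was just filled by `get_param_value(buf, sizeof(buf), "fd", p)`, so the message reports the fd value rather than the offending option. In the other branches `buf` is declared outside the hunks and may not have been written before the `fprintf`; if so, the `%s` reads uninitialised stack, which is worth confirming. The drive_init hunk has the same pattern. Either drop the name from the message, e.g. `fprintf(stderr, "qemu: invalid parameter in '%s'\n", p);`, or have check_params return the rejected name to the caller.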
+1 −2
@@ -257,7 +257,6 @@ const char *get_opt_name(char *buf, int buf_size, const char *p, char delim);
const char *get_opt_value(char *buf, int buf_size, const char *p);
int get_param_value(char *buf, int buf_size,
                    const char *tag, const char *str);
int check_params(char *buf, int buf_size,
                 const char * const *params, const char *str);
int check_params(const char * const *params, const char *str);

#endif
+27 −11
@@ -1866,29 +1866,45 @@ int get_param_value(char *buf, int buf_size,
    return 0;
}

int check_params(char *buf, int buf_size,
                 const char * const *params, const char *str)
int check_params(const char * const *params, const char *str)
{
    int name_buf_size = 1;
    const char *p;
    int i;
    char *name_buf;
    int i, len;
    int ret = 0;

    for (i = 0; params[i] != NULL; i++) {
        len = strlen(params[i]) + 1;
        if (len > name_buf_size) {
            name_buf_size = len;
        }
    }
    name_buf = qemu_malloc(name_buf_size);

    p = str;
    while (*p != '\0') {
        p = get_opt_name(buf, buf_size, p, '=');
        if (*p != '=')
            return -1;
        p = get_opt_name(name_buf, name_buf_size, p, '=');
        if (*p != '=') {
            ret = -1;
            break;
        }
        p++;
        for(i = 0; params[i] != NULL; i++)
            if (!strcmp(params[i], buf))
            if (!strcmp(params[i], name_buf))
                break;
        if (params[i] == NULL)
            return -1;
        if (params[i] == NULL) {
            ret = -1;
            break;
        }
        p = get_opt_value(NULL, 0, p);
        if (*p != ',')
            break;
        p++;
    }
    return 0;

    qemu_free(name_buf);
    return ret;
}

/***********************************************************/
@@ -2241,7 +2257,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque)
                                           "cache", "format", "serial", "werror",
                                           NULL };

    if (check_params(buf, sizeof(buf), params, str) < 0) {
    if (check_params(params, str) < 0) {
         fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n",
                         buf, str);
         return -1;
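Review bot: Sizing `name_buf` to exactly the longest allowed name plus its terminator lets an over-long option name be cut down to a valid one before the `strcmp` in check_params. The body of get_opt_name is outside this hunk, but if it silently truncates to `name_buf_size - 1` characters, as its buffer-size argument suggests, a name that merely starts with the longest entry of `params` passes validation. Such a mistyped option would be accepted rather than rejected, which defeats the purpose of the check. Reserving one extra byte keeps the truncated name distinguishable: `len = strlen(params[i]) + 2; /* one spare byte so a truncated over-long name never equals a valid one */`.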