diff options
| author | Jan Kiszka <jan.kiszka@web.de> | 2009-04-26 18:53:42 +0200 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2009-05-01 09:44:11 -0500 |
| commit | ffad4116b96e29e0fbe892806f97c0a6c903d30d (patch) | |
| tree | b16e3325d46f5a1637da46343e0772c09ebf4100 | |
| parent | 6f0437e8de95aebbd9e66af4d074c0d5119d86b7 (diff) | |
| download | hqemu-ffad4116b96e29e0fbe892806f97c0a6c903d30d.zip hqemu-ffad4116b96e29e0fbe892806f97c0a6c903d30d.tar.gz | |
net: Fix -net socket parameter checks
My commit ea053add700d8abe203cd79a9ffb082aee4eabc0 broke -net socket by
overwriting an intermediate buffer in the added check_param. Fix this
by switching check_param to automatic buffer allocation and release, ie.
callers no longer have to worry about providing a scratch buffer.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| -rw-r--r-- | net.c | 20 | ||||
| -rw-r--r-- | sysemu.h | 3 | ||||
| -rw-r--r-- | vl.c | 38 |
3 files changed, 38 insertions, 23 deletions
@@ -1791,7 +1791,7 @@ int net_client_init(const char *device, const char *p) uint8_t *macaddr; int idx = nic_get_free_idx(); - if (check_params(buf, sizeof(buf), nic_params, p) < 0) { + if (check_params(nic_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -1842,7 +1842,7 @@ int net_client_init(const char *device, const char *p) static const char * const slirp_params[] = { "vlan", "name", "hostname", "restrict", "ip", NULL }; - if (check_params(buf, sizeof(buf), slirp_params, p) < 0) { + if (check_params(slirp_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -1893,7 +1893,7 @@ int net_client_init(const char *device, const char *p) }; char ifname[64]; - if (check_params(buf, sizeof(buf), tap_params, p) < 0) { + if (check_params(tap_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -1914,7 +1914,7 @@ int net_client_init(const char *device, const char *p) int fd; vlan->nb_host_devs++; if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { - if (check_params(buf, sizeof(buf), fd_params, p) < 0) { + if (check_params(fd_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -1927,7 +1927,7 @@ int net_client_init(const char *device, const char *p) static const char * const tap_params[] = { "vlan", "name", "ifname", "script", "downscript", NULL }; - if (check_params(buf, sizeof(buf), tap_params, p) < 0) { + if (check_params(tap_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -1948,7 +1948,7 @@ int net_client_init(const char *device, const char *p) if (!strcmp(device, "socket")) { if (get_param_value(buf, sizeof(buf), "fd", p) > 0) { int fd; - if (check_params(buf, sizeof(buf), fd_params, p) < 0) { + if (check_params(fd_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -1961,7 +1961,7 @@ int net_client_init(const char *device, const char *p) static const char * const listen_params[] = { "vlan", "name", "listen", NULL }; - if (check_params(buf, sizeof(buf), listen_params, p) < 0) { + if (check_params(listen_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -1971,7 +1971,7 @@ int net_client_init(const char *device, const char *p) static const char * const connect_params[] = { "vlan", "name", "connect", NULL }; - if (check_params(buf, sizeof(buf), connect_params, p) < 0) { + if (check_params(connect_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -1981,7 +1981,7 @@ int net_client_init(const char *device, const char *p) static const char * const mcast_params[] = { "vlan", "name", "mcast", NULL }; - if (check_params(buf, sizeof(buf), mcast_params, p) < 0) { + if (check_params(mcast_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -2002,7 +2002,7 @@ int net_client_init(const char *device, const char *p) char vde_sock[1024], vde_group[512]; int vde_port, vde_mode; - if (check_params(buf, sizeof(buf), vde_params, p) < 0) { + if (check_params(vde_params, p) < 0) { fprintf(stderr, "qemu: invalid parameter '%s' in '%s'\n", buf, p); return -1; @@ -257,7 +257,6 @@ const char *get_opt_name(char *buf, int buf_size, const char *p, char delim); const char *get_opt_value(char *buf, int buf_size, const char *p); int get_param_value(char *buf, int buf_size, const char *tag, const char *str); -int check_params(char *buf, int buf_size, - const char * const *params, const char *str); +int check_params(const char * const *params, const char *str); #endif @@ -1866,29 +1866,45 @@ int get_param_value(char *buf, int buf_size, return 0; } -int check_params(char *buf, int buf_size, - const char * const *params, const char *str) +int check_params(const char * const *params, const char *str) { + int name_buf_size = 1; const char *p; - int i; + char *name_buf; + int i, len; + int ret = 0; + + for (i = 0; params[i] != NULL; i++) { + len = strlen(params[i]) + 1; + if (len > name_buf_size) { + name_buf_size = len; + } + } + name_buf = qemu_malloc(name_buf_size); p = str; while (*p != '\0') { - p = get_opt_name(buf, buf_size, p, '='); - if (*p != '=') - return -1; + p = get_opt_name(name_buf, name_buf_size, p, '='); + if (*p != '=') { + ret = -1; + break; + } p++; for(i = 0; params[i] != NULL; i++) - if (!strcmp(params[i], buf)) + if (!strcmp(params[i], name_buf)) break; - if (params[i] == NULL) - return -1; + if (params[i] == NULL) { + ret = -1; + break; + } p = get_opt_value(NULL, 0, p); if (*p != ',') break; p++; } - return 0; + + qemu_free(name_buf); + return ret; } /***********************************************************/ @@ -2241,7 +2257,7 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque) "cache", "format", "serial", "werror", NULL }; - if (check_params(buf, sizeof(buf), params, str) < 0) { + if (check_params(params, str) < 0) { fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n", buf, str); return -1; |
