On 12/13/2013 03:08 AM, Gerd Hoffmann wrote: > Don't use atoi() function which doesn't detect errors, switch to > strtol and error out on failures. Also add a range check while > being at it. > > [ v3: oops, v2 didn't build ] > [ v2: use parse_uint_full instead of strtol ]
Patch changelog belongs...
>
> Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
> ---
...here, so that 'git am' will strip it (it's useful for reviewers on
list, but not in 'git log', where you no longer have access to v1 or v2).
> util/qemu-sockets.c | 14 ++++++++++++--
> 1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
> index 6b97dc1..c3560c1 100644
> --- a/util/qemu-sockets.c
> +++ b/util/qemu-sockets.c
> @@ -133,8 +133,18 @@ int inet_listen_opts(QemuOpts *opts, int port_offset,
> Error **errp)
> ai.ai_family = PF_INET6;
>
> /* lookup */
> - if (port_offset)
> - snprintf(port, sizeof(port), "%d", atoi(port) + port_offset);
> + if (port_offset) {
> + int baseport;
> + if (parse_uint_full(port, &baseport, 10) < 0) {
parse_uint_full takes an 'unsigned long long *', but you are passing an
'int *'. I'm surprised it compiled for you. It causes a buffer
overflow if the pointer is assigned to, and gives different results
depending on platform endianness.
> + error_setg(errp, "can't convert to a number: %s", port);
> + return -1;
> + }
> + if (baseport < 0 || baseport + port_offset > 65535) {
> + error_setg(errp, "port %s out of range", port);
But errno is not set to a sane value at this point, so error_setg() is
wrong.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
