diff options
Diffstat (limited to 'util')
-rw-r--r-- | util/aes.c | 2 | ||||
-rw-r--r-- | util/qemu-option.c | 8 | ||||
-rw-r--r-- | util/qemu-sockets.c | 26 | ||||
-rw-r--r-- | util/uri.c | 61 |
4 files changed, 37 insertions, 60 deletions
@@ -1161,7 +1161,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk += 8; } } - return 0; + abort(); } /** diff --git a/util/qemu-option.c b/util/qemu-option.c index a708241..d3ab65d 100644 --- a/util/qemu-option.c +++ b/util/qemu-option.c @@ -213,7 +213,7 @@ void parse_option_size(const char *name, const char *value, bool has_help_option(const char *param) { size_t buflen = strlen(param) + 1; - char *buf = g_malloc0(buflen); + char *buf = g_malloc(buflen); const char *p = param; bool result = false; @@ -230,14 +230,14 @@ bool has_help_option(const char *param) } out: - free(buf); + g_free(buf); return result; } bool is_valid_option_list(const char *param) { size_t buflen = strlen(param) + 1; - char *buf = g_malloc0(buflen); + char *buf = g_malloc(buflen); const char *p = param; bool result = true; @@ -255,7 +255,7 @@ bool is_valid_option_list(const char *param) } out: - free(buf); + g_free(buf); return result; } diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c index a76bb3c..61fc3c1 100644 --- a/util/qemu-sockets.c +++ b/util/qemu-sockets.c @@ -512,7 +512,7 @@ InetSocketAddress *inet_parse(const char *str, Error **errp) { InetSocketAddress *addr; const char *optstr, *h; - char host[64]; + char host[65]; char port[33]; int to; int pos; @@ -694,7 +694,7 @@ int unix_listen_opts(QemuOpts *opts, Error **errp) sock = qemu_socket(PF_UNIX, SOCK_STREAM, 0); if (sock < 0) { - error_setg_errno(errp, errno, "Failed to create socket"); + error_setg_errno(errp, errno, "Failed to create Unix socket"); return -1; } @@ -703,9 +703,15 @@ int unix_listen_opts(QemuOpts *opts, Error **errp) if (path && strlen(path)) { snprintf(un.sun_path, sizeof(un.sun_path), "%s", path); } else { - char *tmpdir = getenv("TMPDIR"); - snprintf(un.sun_path, sizeof(un.sun_path), "%s/qemu-socket-XXXXXX", - tmpdir ? tmpdir : "/tmp"); + const char *tmpdir = getenv("TMPDIR"); + tmpdir = tmpdir ? tmpdir : "/tmp"; + if (snprintf(un.sun_path, sizeof(un.sun_path), "%s/qemu-socket-XXXXXX", + tmpdir) >= sizeof(un.sun_path)) { + error_setg_errno(errp, errno, + "TMPDIR environment variable (%s) too large", tmpdir); + goto err; + } + /* * This dummy fd usage silences the mktemp() unsecure warning. * Using mkstemp() doesn't make things more secure here @@ -713,13 +719,19 @@ int unix_listen_opts(QemuOpts *opts, Error **errp) * to unlink first and thus re-open the race window. The * worst case possible is bind() failing, i.e. a DoS attack. */ - fd = mkstemp(un.sun_path); close(fd); + fd = mkstemp(un.sun_path); + if (fd < 0) { + error_setg_errno(errp, errno, + "Failed to make a temporary socket name in %s", tmpdir); + goto err; + } + close(fd); qemu_opt_set(opts, "path", un.sun_path); } unlink(un.sun_path); if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) { - error_setg_errno(errp, errno, "Failed to bind socket"); + error_setg_errno(errp, errno, "Failed to bind socket to %s", un.sun_path); goto err; } if (listen(sock, 1) < 0) { @@ -928,12 +928,10 @@ uri_parse(const char *str) { if (str == NULL) return(NULL); uri = uri_new(); - if (uri != NULL) { - ret = rfc3986_parse_uri_reference(uri, str); - if (ret) { - uri_free(uri); - return(NULL); - } + ret = rfc3986_parse_uri_reference(uri, str); + if (ret) { + uri_free(uri); + return(NULL); } return(uri); } @@ -974,15 +972,13 @@ uri_parse_raw(const char *str, int raw) { if (str == NULL) return(NULL); uri = uri_new(); - if (uri != NULL) { - if (raw) { - uri->cleanup |= 2; - } - ret = uri_parse_into(uri, str); - if (ret) { - uri_free(uri); - return(NULL); - } + if (raw) { + uri->cleanup |= 2; + } + ret = uri_parse_into(uri, str); + if (ret) { + uri_free(uri); + return(NULL); } return(uri); } @@ -1053,14 +1049,12 @@ uri_to_string(URI *uri) { while (*p != 0) { if (len >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = *p++; } if (len >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = ':'; @@ -1070,7 +1064,6 @@ uri_to_string(URI *uri) { while (*p != 0) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } if (IS_RESERVED(*(p)) || IS_UNRESERVED(*(p))) @@ -1087,7 +1080,6 @@ uri_to_string(URI *uri) { if (uri->server != NULL) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = '/'; @@ -1097,7 +1089,6 @@ uri_to_string(URI *uri) { while (*p != 0) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } if ((IS_UNRESERVED(*(p))) || @@ -1116,7 +1107,6 @@ uri_to_string(URI *uri) { } if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = '@'; @@ -1125,7 +1115,6 @@ uri_to_string(URI *uri) { while (*p != 0) { if (len >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = *p++; @@ -1133,7 +1122,6 @@ uri_to_string(URI *uri) { if (uri->port > 0) { if (len + 10 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } len += snprintf(&ret[len], max - len, ":%d", uri->port); @@ -1141,7 +1129,6 @@ uri_to_string(URI *uri) { } else if (uri->authority != NULL) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = '/'; @@ -1150,7 +1137,6 @@ uri_to_string(URI *uri) { while (*p != 0) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } if ((IS_UNRESERVED(*(p))) || @@ -1169,7 +1155,6 @@ uri_to_string(URI *uri) { } else if (uri->scheme != NULL) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = '/'; @@ -1189,7 +1174,6 @@ uri_to_string(URI *uri) { (!strcmp(uri->scheme, "file"))) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = *p++; @@ -1199,7 +1183,6 @@ uri_to_string(URI *uri) { while (*p != 0) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } if ((IS_UNRESERVED(*(p))) || ((*(p) == '/')) || @@ -1219,7 +1202,6 @@ uri_to_string(URI *uri) { if (uri->query != NULL) { if (len + 1 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = '?'; @@ -1227,7 +1209,6 @@ uri_to_string(URI *uri) { while (*p != 0) { if (len + 1 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = *p++; @@ -1237,7 +1218,6 @@ uri_to_string(URI *uri) { if (uri->fragment != NULL) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len++] = '#'; @@ -1245,7 +1225,6 @@ uri_to_string(URI *uri) { while (*p != 0) { if (len + 3 >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } if ((IS_UNRESERVED(*(p))) || (IS_RESERVED(*(p)))) @@ -1261,15 +1240,10 @@ uri_to_string(URI *uri) { } if (len >= max) { temp = realloc2n(ret, &max); - if (temp == NULL) goto mem_error; ret = temp; } ret[len] = 0; return(ret); - -mem_error: - g_free(ret); - return(NULL); } /** @@ -1675,8 +1649,6 @@ uri_resolve(const char *uri, const char *base) { else { if (*uri) { ref = uri_new(); - if (ref == NULL) - goto done; ret = uri_parse_into(ref, uri); } else @@ -1695,8 +1667,6 @@ uri_resolve(const char *uri, const char *base) { ret = -1; else { bas = uri_new(); - if (bas == NULL) - goto done; ret = uri_parse_into(bas, base); } if (ret != 0) { @@ -1727,8 +1697,6 @@ uri_resolve(const char *uri, const char *base) { * document. */ res = uri_new(); - if (res == NULL) - goto done; if ((ref->scheme == NULL) && (ref->path == NULL) && ((ref->authority == NULL) && (ref->server == NULL))) { res->scheme = g_strdup(bas->scheme); @@ -1933,8 +1901,6 @@ uri_resolve_relative (const char *uri, const char * base) * First parse URI into a standard form */ ref = uri_new (); - if (ref == NULL) - return NULL; /* If URI not already in "relative" form */ if (uri[0] != '.') { ret = uri_parse_into (ref, uri); @@ -1951,8 +1917,6 @@ uri_resolve_relative (const char *uri, const char * base) goto done; } bas = uri_new (); - if (bas == NULL) - goto done; if (base[0] != '.') { ret = uri_parse_into (bas, base); if (ret != 0) @@ -1971,7 +1935,8 @@ uri_resolve_relative (const char *uri, const char * base) val = g_strdup (uri); goto done; } - if (!strcmp(bas->path, ref->path)) { + if (bas->path == ref->path || + (bas->path && ref->path && !strcmp(bas->path, ref->path))) { val = g_strdup(""); goto done; } |