path: root/slirp/udp.c
Age  Commit message  [Author; Files; Lines]
2014-09-23  slirp: udp: fix NULL pointer dereference because of uninitialized socket  [Petr Matousek; files: 1; lines: -1/+1]
When guest sends udp packet with source port and source addr 0, uninitialized socket is picked up when looking for matching and already created udp sockets, and later passed to sosendto() where NULL pointer dereference is hit during so->slirp->vnetwork_mask.s_addr access. Fix this by checking that the socket is not just a socket stub.

This is CVE-2014-3640.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reported-by: Xavier Mehrenberger <xavier.mehrenberger@airbus.com>
Reported-by: Stephane Duverger <stephane.duverger@eads.net>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 20140918063537.GX9321@dhcp-25-225.brq.redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-10-02  slirp: call socket_set_fast_reuse instead of setting SO_REUSEADDR  [Sebastian Ottlik; files: 1; lines: -2/+2]
SO_REUSEADDR should be avoided on Windows but is desired on other operating systems. So instead of setting it we call socket_set_fast_reuse that will result in the appropriate behaviour on all operating systems.

Signed-off-by: Sebastian Ottlik <ottlik@fzi.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2013-03-22  MinGW: Replace setsockopt by qemu_setsocketopt  [Stefan Weil; files: 1; lines: -1/+1]
Instead of adding missing type casts which are needed by MinGW for the 4th argument, the patch uses qemu_setsockopt which was invented for this purpose.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-10-05  cleanup useless return sentence  [Amos Kong; files: 1; lines: -1/+0]
This patch cleans up return sentences in the end of void functions.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-03-13  slirp: Cleanup resources on instance removal  [Jan Kiszka; files: 1; lines: -0/+8]
Close & free sockets when shutting down a slirp instance, also release all buffers.

CC: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2011-07-23  slirp: Replace m_freem with m_free  [Jan Kiszka; files: 1; lines: -1/+1]
Remove this pointless wrapping.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23  slirp: Strictly associate DHCP/BOOTP and TFTP with virtual host  [Jan Kiszka; files: 1; lines: -5/+8]
Instead of accepting every DHCP/BOOTP and TFTP packet, only invoke the built-in servers if the target is the virtual host.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23  slirp: Fix restricted mode  [Jan Kiszka; files: 1; lines: -4/+4]
This aligns the code to what the documentation claims: Allow everything but requests that would have to be routed outside of the virtual LAN. So we need to drop the unneeded IP-level filter, allow TFTP requests, and add the missing protocol-level filter to ICMP.

CC: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-25  slirp: Replace u_int8_t, u_int16_t, u_int32_t, u_int64_t by standard int types  [Stefan Weil; files: 1; lines: -4/+4]
There is no need to have a second set of integral types. Replace them by the standard types from stdint.h.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2009-12-03  Don't leak file descriptors  [Kevin Wolf; files: 1; lines: -2/+2]
We're leaking file descriptors to child processes. Set FD_CLOEXEC on file descriptors that don't need to be passed to children to stop this misbehaviour.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-07-27  slirp: Remove UDP protocol emulation (talk, cuseeme)  [Ed Swierk; files: 1; lines: -264/+2]
The UDP emulation code for talk has been commented out since the beginning of time, and unless someone who runs CU-SeeMe on qemu with user-mode networking can vouch that the special magic (a) is necessary and (b) works, let's get rid of the code.

Signed-off-by: Ed Swierk <eswierk@aristanetworks.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29  slirp: Factor out internal state structure  [Jan Kiszka; files: 1; lines: -25/+31]
The essence of this patch is to stuff (almost) all global variables of the slirp stack into the structure Slirp. In this step, we still keep the structure as global variable, directly accessible by the whole stack. Changes to the external interface of slirp will be applied in the following patches.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29  slirp: Drop statistic code  [Jan Kiszka; files: 1; lines: -11/+0]
As agreed on the mailing list, there is no interest in keeping the usually disabled slirp statistics in the tree. So this patch removes them.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29  slirp: Drop dead code  [Jan Kiszka; files: 1; lines: -25/+3]
After all its years inside the qemu tree, there is no point in keeping the dead code paths of slirp. This patch is a first round of removing usually commented out code parts. More cleanups need to follow (and maybe finally a proper reindention).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29  slirp: Explicitely mark host-forwarding sockets  [Jan Kiszka; files: 1; lines: -1/+1]
Mark sockets that describe host forwardings. This is required for their (and only their) proper deletion and for pretty-printing.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29  slirp: Prepare for persistent socket state flags  [Jan Kiszka; files: 1; lines: -1/+2]
This prepares for adding flags to socket.so_state that must not be removed during the lifetime of a socket.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29  slirp: Bind support for host forwarding rules  [Jan Kiszka; files: 1; lines: -3/+4]
Extend the hostfwd rule format so that the user can specify on which host interface qemu should listen for incoming connections. If omitted, binding will take place against all interfaces.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29  slirp: Rework internal configuration  [Jan Kiszka; files: 1; lines: -10/+13]
The user mode IP stack is currently only minimally configurable /wrt to its virtual IP addresses. This is unfortunate if some guest has a fixed idea of which IP addresses to use. Therefore this patch prepares the stack for fully configurable IP addresses and masks. The user interface and default addresses remain untouched in this step, they will be enhanced in the following patch.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29  slirp: Drop redundant lines from udp_input  [Jan Kiszka; files: 1; lines: -2/+0]
The socket faddr/fport is already updated a few lines below, so these are completely redundant.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-04-18  Use ANSI prototypes to please sparse  [blueswir1; files: 1; lines: -13/+5]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7176 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-26  Remove the advertising clause from the slirp license  [aliguori; files: 1; lines: -5/+1]
According to the FSF, the 4-clause BSD license, which slirp is covered under, is not compatible with the GPL or LGPL[1].

[1] http://www.fsf.org/licensing/licenses/index_html#GPLIncompatibleLicenses

There are three declared copyright holders in slirp that use the 4-clause BSD license, the Regents of UC Berkeley, Danny Gasparovski, and Kelly Price. Below are the appropriate permissions to remove the advertise clause from slirp from each party.

Special thanks go to Richard Fontana from Red Hat for contacting all of the necessary authors to resolve this issue!

Regents of UC Berkeley:

From ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change

July 22, 1999

To All Licensees, Distributors of Any Version of BSD:

As you know, certain of the Berkeley Software Distribution ("BSD") source code files require that further distributions of products containing all or portions of the software, acknowledge within their advertising materials that such products contain software developed by UC Berkeley and its contributors.

Specifically, the provision reads:

"
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by the University of
 *    California, Berkeley and its contributors."

Effective immediately, licensees and distributors are no longer required to include the acknowledgement within advertising materials. Accordingly, the foregoing paragraph of those BSD Unix files containing it is hereby deleted in its entirety.

William Hoskins
Director, Office of Technology Licensing
University of California, Berkeley

Danny Gasparovski:

Subject: RE: Slirp license
Date: Thu, 8 Jan 2009 10:51:00 +1100
From: "Gasparovski, Daniel" <Daniel.Gasparovski@ato.gov.au>
To: "Richard Fontana" <rfontana@redhat.com>

Hi Richard,

I have no objection to having Slirp code in QEMU be licensed under the 3-clause BSD license.

Thanks for taking the effort to consult me about this.

Dan

...

Kelly Price:

Date: Thu, 8 Jan 2009 19:38:56 -0500
From: "Kelly Price" <strredwolf@gmail.com>
To: "Richard Fontana" <rfontana@redhat.com>
Subject: Re: Slirp license

Thanks for contacting me, Richard. I'm glad you were able to find Dan, as I've been "keeping the light on" for Slirp. I have no use for it now, and I have little time for it (now holding onto Keenspot's Comic Genesis and having a regular US state government position). If Dan would like to return to the project, I'd love to give it back to him.

As for copyright, I don't own all of it. Dan does, so I will defer to him. Any of my patches I will gladly license to the 3-part BSD license. My interest in re-licensing was because we didn't have ready info to contact Dan. If Dan would like to port Slirp back out of QEMU, a lot of us 64-bit users would be grateful.

Feel free to share this email address with Dan. I will be glad to effect a transfer of the project to him and Mr. Bellard of the QEMU project.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6451 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-13  Fix 64 bit issue in slirp  [blueswir1; files: 1; lines: -3/+2]
Signed-off-by: Gleb Natapov <gleb@redhat.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6288 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-08  Add slirp_restrict option (Gleb Natapov)  [aliguori; files: 1; lines: -0/+3]
Add "slirp firewall" to permit connection only to vmchannel addresses.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6241 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-25  Replace uses of strncpy (a GNU extension) with Qemu pstrcpy  [blueswir1; files: 1; lines: -2/+2]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5531 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-10  Special-case CTL_ALIAS instead of CTL_DNS in udp loopback test.  [balrog; files: 1; lines: -3/+3]
At the same time remove a bogus test (tested by Jason Wessel). Quiet some gcc4 warnings from slirp compilation.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4402 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-27  Treat DNS a special case among special addresses in slirp (Jason Wessel).  [balrog; files: 1; lines: -3/+4]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4267 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-26  Fix slirp udp source address contamination (Jason Wessel)  [balrog; files: 1; lines: -1/+2]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4259 c046a42c-6fe2-441c-8c8c-71466251a162
2007-10-26  Use const and static as needed, disable unused code  [blueswir1; files: 1; lines: -13/+13]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3452 c046a42c-6fe2-441c-8c8c-71466251a162
2007-10-26  Make Slirp statistics gathering and output conditional to LOG_ENABLED  [blueswir1; files: 1; lines: -5/+7]
Add 'info slirp' command to monitor to display statistics
Disable Slirp debugging code by default

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3451 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-17  find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex.  [ths; files: 1; lines: -28/+28]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3177 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16  find -type f | xargs sed -i 's/[\t ]$//g' # on most files  [ths; files: 1; lines: -70/+70]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
2007-01-17  Slirp UDP fix, by Jason Wessel.  [ths; files: 1; lines: -2/+3]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2327 c046a42c-6fe2-441c-8c8c-71466251a162
2006-05-03  UDP broadcast translation error (Mark Jonckheere)  [bellard; files: 1; lines: -1/+4]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1899 c046a42c-6fe2-441c-8c8c-71466251a162
2006-05-03  separate alias_addr (10.0.2.2) from our_addr (Ed Swierk)  [bellard; files: 1; lines: -1/+1]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1895 c046a42c-6fe2-441c-8c8c-71466251a162
2005-07-03  win32 compile fix  [bellard; files: 1; lines: -2/+2]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1500 c046a42c-6fe2-441c-8c8c-71466251a162
2005-06-05  64 bit fixes (initial patch by Gwenole Beauchesne)  [bellard; files: 1; lines: -6/+12]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1458 c046a42c-6fe2-441c-8c8c-71466251a162
2004-10-07  windows fixes (Gregory Alexander)  [bellard; files: 1; lines: -0/+4]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1102 c046a42c-6fe2-441c-8c8c-71466251a162
2004-08-24  TFTP support (Magnus Damm)  [bellard; files: 1; lines: -0/+8]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1050 c046a42c-6fe2-441c-8c8c-71466251a162
2004-07-12  win32 compile  [bellard; files: 1; lines: -4/+4]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1016 c046a42c-6fe2-441c-8c8c-71466251a162
2004-04-22  initial user mode network support  [bellard; files: 1; lines: -0/+654]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@733 c046a42c-6fe2-441c-8c8c-71466251a162