From 43bc7340b51a652bb54d3ecc95a1627e8b9ec843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Sat, 10 Nov 2018 17:45:37 +0400 Subject: slirp: remove do_pty from fork_exec() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit QEMU uses fork_exec() with do_pty values 0 or 3. Let's clean up some unused code. Signed-off-by: Marc-André Lureau Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'slirp/tcp_subr.c') diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index fa61349..0ccd8e1 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -951,7 +951,6 @@ int tcp_ctl(struct socket *so) Slirp *slirp = so->slirp; struct sbuf *sb = &so->so_snd; struct ex_list *ex_ptr; - int do_pty; DEBUG_CALL("tcp_ctl"); DEBUG_ARG("so = %p", so); @@ -966,9 +965,8 @@ int tcp_ctl(struct socket *so) so->extra = (void *)ex_ptr->ex_exec; return 1; } - do_pty = ex_ptr->ex_pty; DEBUG_MISC((dfd, " executing %s\n", ex_ptr->ex_exec)); - return fork_exec(so, ex_ptr->ex_exec, do_pty); + return fork_exec(so, ex_ptr->ex_exec); } } } -- cgit v1.1 From 7765bee0e3bf5c5e0f396337b341c657fc1152c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Sat, 10 Nov 2018 17:45:38 +0400 Subject: slirp: replace ex_pty with ex_chardev MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit do_pty == 3 means to talk to a chardev. Signed-off-by: Marc-André Lureau Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'slirp/tcp_subr.c') diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index 0ccd8e1..dc19eea 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c 
@@ -960,7 +960,7 @@ int tcp_ctl(struct socket *so) for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) { if (ex_ptr->ex_fport == so->so_fport && so->so_faddr.s_addr == ex_ptr->ex_addr.s_addr) { - if (ex_ptr->ex_pty == 3) { + if (ex_ptr->ex_chardev) { so->s = -1; so->extra = (void *)ex_ptr->ex_exec; return 1; -- cgit v1.1 From 3ed9f823c688c0dd5dd8d2c936329168c4859d02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Sat, 10 Nov 2018 17:45:39 +0400 Subject: slirp: use a dedicated field for chardev pointer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's not mix command line and chardev pointers. Signed-off-by: Marc-André Lureau Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'slirp/tcp_subr.c') diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index dc19eea..e7b2baa 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -962,7 +962,7 @@ int tcp_ctl(struct socket *so) so->so_faddr.s_addr == ex_ptr->ex_addr.s_addr) { if (ex_ptr->ex_chardev) { so->s = -1; - so->extra = (void *)ex_ptr->ex_exec; + so->extra = ex_ptr->ex_chardev; return 1; } DEBUG_MISC((dfd, " executing %s\n", ex_ptr->ex_exec)); -- cgit v1.1 From 2d6cc3d0e77a0d5b4ba4df2cb0d3387881369cfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Sat, 10 Nov 2018 17:45:40 +0400 Subject: slirp: remove unused EMU_RSH MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit EMU_RSH handling was dropped in commit 0d62c4cfe21752df4c1d6e2c2398f15d5eaa794a. The assignment, and subsequent free() of ex_ptr->ex_exec to so->extra looks unsafe (double free is likely to occur). Signed-off-by: Marc-André Lureau Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 1 - 1 file changed, 1 deletion(-) (limited to 'slirp/tcp_subr.c') diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index e7b2baa..fd75218 100644 
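Review bot: In the hunk that changes the assignment to `so->extra = ex_ptr->ex_chardev;` ("use a dedicated field for chardev pointer"), the fall-through path below `if (ex_ptr->ex_chardev)` still hands `ex_ptr->ex_exec` to `DEBUG_MISC` and `fork_exec()`, and nothing visible shows that it is non-NULL when the entry has no chardev. Now that the two pointers live in separate fields, an entry with both unset would reach a `%s` format and `fork_exec()` with a NULL command. Presumably the code that builds the list guarantees exactly one of the two fields is set, but that is outside the hunk. An assertion before the exec path, for example `g_assert(ex_ptr->ex_exec != NULL);` or the project's equivalent, would state that invariant where it is relied on. tcp_ctl's body starts and ends outside the hunk.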
--- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -541,7 +541,6 @@ static const struct tos_t tcptos[] = { {0, 23, IPTOS_LOWDELAY, 0}, /* telnet */ {0, 80, IPTOS_THROUGHPUT, 0}, /* WWW */ {0, 513, IPTOS_LOWDELAY, EMU_RLOGIN|EMU_NOCONNECT}, /* rlogin */ - {0, 514, IPTOS_LOWDELAY, EMU_RSH|EMU_NOCONNECT}, /* shell */ {0, 544, IPTOS_LOWDELAY, EMU_KSH}, /* kshell */ {0, 543, IPTOS_LOWDELAY, 0}, /* klogin */ {0, 6667, IPTOS_THROUGHPUT, EMU_IRC}, /* IRC */ -- cgit v1.1 From d3b9408c9bae23b5cbe3b42d29ad1927248cbdd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Sat, 10 Nov 2018 17:45:41 +0400 Subject: slirp: rename /extra/chardev MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now it's only used for the chardev pointer. Signed-off-by: Marc-André Lureau Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'slirp/tcp_subr.c') diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index fd75218..4b40850 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -961,7 +961,7 @@ int tcp_ctl(struct socket *so) so->so_faddr.s_addr == ex_ptr->ex_addr.s_addr) { if (ex_ptr->ex_chardev) { so->s = -1; - so->extra = ex_ptr->ex_chardev; + so->chardev = ex_ptr->ex_chardev; return 1; } DEBUG_MISC((dfd, " executing %s\n", ex_ptr->ex_exec)); -- cgit v1.1 From 2afbb788ff43c5cb5a91fb3da9cae6bd9a70731f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Wed, 14 Nov 2018 16:36:31 +0400 Subject: slirp: improve a bit the debug macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let them accept multiple arguments. Simplify the inner argument handling of DEBUG_ARGS/DEBUG_MISC_DEBUG_ERROR. Signed-off-by: Marc-André Lureau Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'slirp/tcp_subr.c') 
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index 4b40850..00cee73 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -420,7 +420,7 @@ int tcp_fconnect(struct socket *so, unsigned short af) qemu_setsockopt(s, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt)); addr = so->fhost.ss; - DEBUG_CALL(" connect()ing") + DEBUG_CALL(" connect()ing"); sotranslate_out(so, &addr); /* We don't care what port we get */ @@ -964,7 +964,7 @@ int tcp_ctl(struct socket *so) so->chardev = ex_ptr->ex_chardev; return 1; } - DEBUG_MISC((dfd, " executing %s\n", ex_ptr->ex_exec)); + DEBUG_MISC(" executing %s\n", ex_ptr->ex_exec); return fork_exec(so, ex_ptr->ex_exec); } } -- cgit v1.1 From 5d300fc9222aa700b4449d73f26bf7cf0e5b9ec4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 22 Nov 2018 02:06:22 +0400 Subject: slirp: rename exec_list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This list is not only used to handle command to execute on guest connection, it can also redirect to an arbitrary object, such as a chardev. Let's rename the struct and the field to "guestfwd". Signed-off-by: Marc-André Lureau Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'slirp/tcp_subr.c') diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index 00cee73..3b14684 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c 
@@ -949,14 +949,14 @@ int tcp_ctl(struct socket *so) { Slirp *slirp = so->slirp; struct sbuf *sb = &so->so_snd; - struct ex_list *ex_ptr; + struct gfwd_list *ex_ptr; DEBUG_CALL("tcp_ctl"); DEBUG_ARG("so = %p", so); if (so->so_faddr.s_addr != slirp->vhost_addr.s_addr) { /* Check if it's pty_exec */ - for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) { + for (ex_ptr = slirp->guestfwd_list; ex_ptr; ex_ptr = ex_ptr->ex_next) { if (ex_ptr->ex_fport == so->so_fport && so->so_faddr.s_addr == ex_ptr->ex_addr.s_addr) { if (ex_ptr->ex_chardev) { -- cgit v1.1 From 226ea7a96485f2b9db13b523551c536dc68a1689 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 22 Nov 2018 02:06:41 +0400 Subject: slirp: call into g_debug() for DEBUG macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make slirp use GLib logging, instead of fprintf(), so that applications can filter log, process it etc. With recent versions of glib, G_MESSAGES_DEBUG must be set to "all" or "Slirp" to see slirp debug messages. Reformat DEBUG_MISC & DEBUG_ERROR calls to not need \n ending. Signed-off-by: Marc-André Lureau Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'slirp/tcp_subr.c') diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index 3b14684..4a9a5b5 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -964,7 +964,7 @@ int tcp_ctl(struct socket *so) so->chardev = ex_ptr->ex_chardev; return 1; } - DEBUG_MISC(" executing %s\n", ex_ptr->ex_exec); + DEBUG_MISC(" executing %s", ex_ptr->ex_exec); return fork_exec(so, ex_ptr->ex_exec); } } -- cgit v1.1 From a7104eda7dab99d0cdbd3595c211864cba415905 Mon Sep 17 00:00:00 2001 
From: Prasad J Pandit Date: Sun, 13 Jan 2019 23:29:48 +0530 Subject: slirp: check data length while emulating ident function While emulating identification protocol, tcp_emu() does not check available space in the 'sc_rcv->sb_data' buffer. It could lead to heap buffer overflow issue. Add check to avoid it. Reported-by: Kira <864786842@qq.com> Signed-off-by: Prasad J Pandit Signed-off-by: Samuel Thibault --- slirp/tcp_subr.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'slirp/tcp_subr.c') diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index 4a9a5b5..23a841f 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -634,6 +634,11 @@ tcp_emu(struct socket *so, struct mbuf *m) socklen_t addrlen = sizeof(struct sockaddr_in); struct sbuf *so_rcv = &so->so_rcv; + if (m->m_len > so_rcv->sb_datalen + - (so_rcv->sb_wptr - so_rcv->sb_data)) { + return 1; + } + memcpy(so_rcv->sb_wptr, m->m_data, m->m_len); so_rcv->sb_wptr += m->m_len; so_rcv->sb_rptr += m->m_len; -- cgit v1.1
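Review bot: The new guard in tcp_emu() mixes `m->m_len`, `so_rcv->sb_datalen` and the pointer difference `so_rcv->sb_wptr - so_rcv->sb_data` in one comparison, and since their declarations are not visible in the hunk, whether it is evaluated signed or unsigned appears to depend on the platform's integer widths. Computing the free space once in an unsigned local makes the bound explicit: `size_t room = so_rcv->sb_datalen - (size_t)(so_rcv->sb_wptr - so_rcv->sb_data);` followed by `if ((size_t)m->m_len > room) return 1;`, which also rejects a negative length. The check covers exactly the `m->m_len` bytes copied by the `memcpy`; if code after the hunk NUL-terminates or scans `sb_data` as a string, that access needs its own bound. A one-line comment saying what returning 1 tells the caller for an oversized ident request would also help; tcp_emu's body starts and ends outside the hunk.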