qemu-kvm: avoid strlen of NULL pointer

Message ID	201003031532.43257.jens@linux.vnet.ibm.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Jens Osterkamp <jens@linux.vnet.ibm.com> To: qemu-devel@nongnu.org Date: Wed, 3 Mar 2010 15:32:43 +0100 User-Agent: KMail/1.10.4 (Linux/2.6.27-16-generic; KDE/4.1.4; i686; ; ) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Disposition: inline Message-Id: <201003031532.43257.jens@linux.vnet.ibm.com> Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] [PATCH] qemu-kvm: avoid strlen of NULL pointer Precedence: list Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

201003031532.43257.jens@linux.vnet.ibm.com

State

New

Headers

From: Jens Osterkamp <jens@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Wed, 3 Mar 2010 15:32:43 +0100
User-Agent: KMail/1.10.4 (Linux/2.6.27-16-generic; KDE/4.1.4; i686; ; )
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Message-Id: <201003031532.43257.jens@linux.vnet.ibm.com>
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PATCH] qemu-kvm: avoid strlen of NULL pointer
Precedence: list
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Jens Osterkamp March 3, 2010, 2:32 p.m. UTC

If the user wants to create a chardev of type socket but forgets to give a
host= option, qemu_opt_get returns NULL. This NULL pointer is then fed into
strlen a few lines below without a check which results in a segfault.
This fixes it.

Signed-off-by: Jens Osterkamp <jens@linux.vnet.ibm.com>
---
 qemu-sockets.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

Comments

Aurelien Jarno March 27, 2010, 12:33 p.m. UTC | #1

On Wed, Mar 03, 2010 at 03:32:43PM +0100, Jens Osterkamp wrote:
> If the user wants to create a chardev of type socket but forgets to give a
> host= option, qemu_opt_get returns NULL. This NULL pointer is then fed into
> strlen a few lines below without a check which results in a segfault.
> This fixes it.

While this correctly fixes the segfault, it doesn't output any error
message. The best would probably be to fold that with the test of
"port", as the error message already mentions "host and/or port".

> Signed-off-by: Jens Osterkamp <jens@linux.vnet.ibm.com>
> ---
>  qemu-sockets.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/qemu-sockets.c b/qemu-sockets.c
> index 23c3def..a191304 100644
> --- a/qemu-sockets.c
> +++ b/qemu-sockets.c
> @@ -137,6 +137,9 @@ int inet_listen_opts(QemuOpts *opts, int port_offset)
>      pstrcpy(port, sizeof(port), qemu_opt_get(opts, "port"));
>      addr = qemu_opt_get(opts, "host");
>  
> +    if (!addr)
> +	    return -1;
> +
>      to = qemu_opt_get_number(opts, "to", 0);
>      if (qemu_opt_get_bool(opts, "ipv4", 0))
>          ai.ai_family = PF_INET;
> -- 
> 1.5.6.3
> 
> 
> -- 
> Best regards, 
> 
> Jens Osterkamp
> --------------------------------------------------------------------------------
> IBM Deutschland Research & Development GmbH
> Vorsitzender des Aufsichtsrats: Martin Jetter
> Geschäftsführung: Dirk Wittkopp
> Sitz der Gesellschaft: Böblingen
> Registergericht: Amtsgericht Stuttgart, HRB 243294
> 
> 
> 
>

diff --git a/qemu-sockets.c b/qemu-sockets.c
index 23c3def..a191304 100644
--- a/qemu-sockets.c
+++ b/qemu-sockets.c
@@ -137,6 +137,9 @@  int inet_listen_opts(QemuOpts *opts, int port_offset)
     pstrcpy(port, sizeof(port), qemu_opt_get(opts, "port"));
     addr = qemu_opt_get(opts, "host");
 
+    if (!addr)
+	    return -1;
+
     to = qemu_opt_get_number(opts, "to", 0);
     if (qemu_opt_get_bool(opts, "ipv4", 0))
         ai.ai_family = PF_INET;

qemu-kvm: avoid strlen of NULL pointer

Commit Message

Comments

Patch