[1/2] elf2dmp: Check curl_easy_setopt() return value

Message ID	20210901143910.17112-2-peter.maydell@linaro.org
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Peter Maydell <peter.maydell@linaro.org> To: qemu-devel@nongnu.org Subject: [PATCH 1/2] elf2dmp: Check curl_easy_setopt() return value Date: Wed, 1 Sep 2021 15:39:09 +0100 Message-Id: <20210901143910.17112-2-peter.maydell@linaro.org> In-Reply-To: <20210901143910.17112-1-peter.maydell@linaro.org> References: <20210901143910.17112-1-peter.maydell@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::433; envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x433.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	elf2dmp: Fix minor Coverity nits \| expand [0/2] elf2dmp: Fix minor Coverity nits [1/2] elf2dmp: Check curl_easy_setopt() return value [2/2] elf2dmp: Fail cleanly if PDB file specifies zero block_size

Message ID

20210901143910.17112-2-peter.maydell@linaro.org

State

New

Headers

From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PATCH 1/2] elf2dmp: Check curl_easy_setopt() return value
Date: Wed,  1 Sep 2021 15:39:09 +0100
Message-Id: <20210901143910.17112-2-peter.maydell@linaro.org>
In-Reply-To: <20210901143910.17112-1-peter.maydell@linaro.org>
References: <20210901143910.17112-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a00:1450:4864:20::433;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x433.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

elf2dmp: Fix minor Coverity nits | expand

Commit Message

Peter Maydell Sept. 1, 2021, 2:39 p.m. UTC

Coverity points out that we aren't checking the return value
from curl_easy_setopt().

Fixes: Coverity CID 1458895
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 contrib/elf2dmp/download.c | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

Comments

Philippe Mathieu-Daudé Sept. 1, 2021, 3:25 p.m. UTC | #1

On 9/1/21 4:39 PM, Peter Maydell wrote:
> Coverity points out that we aren't checking the return value
> from curl_easy_setopt().
> 
> Fixes: Coverity CID 1458895
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  contrib/elf2dmp/download.c | 28 +++++++++++++++++-----------
>  1 file changed, 17 insertions(+), 11 deletions(-)
> 
> diff --git a/contrib/elf2dmp/download.c b/contrib/elf2dmp/download.c
> index d09e607431f..01e4a7fc0dc 100644
> --- a/contrib/elf2dmp/download.c
> +++ b/contrib/elf2dmp/download.c
> @@ -21,21 +21,19 @@ int download_url(const char *name, const char *url)
>  
>      file = fopen(name, "wb");
>      if (!file) {
> -        err = 1;
> -        goto out_curl;
> +        goto fail;
>      }
>  
> -    curl_easy_setopt(curl, CURLOPT_URL, url);
> -    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL);
> -    curl_easy_setopt(curl, CURLOPT_WRITEDATA, file);
> -    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
> -    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0);
> +    if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK ||
> +        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL) != CURLE_OK ||
> +        curl_easy_setopt(curl, CURLOPT_WRITEDATA, file) != CURLE_OK ||
> +        curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1) != CURLE_OK ||
> +        curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0) != CURLE_OK) {
> +        goto fail;
> +    }
>  
>      if (curl_easy_perform(curl) != CURLE_OK) {
> -        err = 1;
> -        fclose(file);
> -        unlink(name);
> -        goto out_curl;
> +        goto fail;
>      }
>  
>      err = fclose(file);
> @@ -44,4 +42,12 @@ out_curl:
>      curl_easy_cleanup(curl);
>  
>      return err;
> +
> +fail:
> +    err = 1;
> +    if (file) {
> +        fclose(file);
> +        unlink(name);
> +    }
> +    goto out_curl;
>  }
> 

Counter proposal without goto and less ifs:

-- >8 --
@@ -25,21 +25,19 @@ int download_url(const char *name, const char *url)
         goto out_curl;
     }

-    curl_easy_setopt(curl, CURLOPT_URL, url);
-    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL);
-    curl_easy_setopt(curl, CURLOPT_WRITEDATA, file);
-    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
-    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0);
-
-    if (curl_easy_perform(curl) != CURLE_OK) {
-        err = 1;
-        fclose(file);
+    if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK
+            || curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL) !=
CURLE_OK
+            || curl_easy_setopt(curl, CURLOPT_WRITEDATA, file) != CURLE_OK
+            || curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1) !=
CURLE_OK
+            || curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0) != CURLE_OK
+            || curl_easy_perform(curl) != CURLE_OK) {
         unlink(name);
-        goto out_curl;
+        fclose(file);
+        err = 1;
+    } else {
+        err = fclose(file);
     }

-    err = fclose(file);
-
 out_curl:
     curl_easy_cleanup(curl);

---

Viktor Prutyanov Sept. 8, 2021, 9:43 p.m. UTC | #2

Hi,

On Wed, 1 Sep 2021 17:25:09 +0200
Philippe Mathieu-Daudé <philmd@redhat.com> wrote:

> On 9/1/21 4:39 PM, Peter Maydell wrote:
> > Coverity points out that we aren't checking the return value
> > from curl_easy_setopt().
> > 
> > Fixes: Coverity CID 1458895
> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> > ---
> >  contrib/elf2dmp/download.c | 28 +++++++++++++++++-----------
> >  1 file changed, 17 insertions(+), 11 deletions(-)
> > 
> > diff --git a/contrib/elf2dmp/download.c b/contrib/elf2dmp/download.c
> > index d09e607431f..01e4a7fc0dc 100644
> > --- a/contrib/elf2dmp/download.c
> > +++ b/contrib/elf2dmp/download.c
> > @@ -21,21 +21,19 @@ int download_url(const char *name, const char
> > *url) 
> >      file = fopen(name, "wb");
> >      if (!file) {
> > -        err = 1;
> > -        goto out_curl;
> > +        goto fail;
> >      }
> >  
> > -    curl_easy_setopt(curl, CURLOPT_URL, url);
> > -    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL);
> > -    curl_easy_setopt(curl, CURLOPT_WRITEDATA, file);
> > -    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
> > -    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0);
> > +    if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK ||
> > +        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL) !=
> > CURLE_OK ||
> > +        curl_easy_setopt(curl, CURLOPT_WRITEDATA, file) !=
> > CURLE_OK ||
> > +        curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1) !=
> > CURLE_OK ||
> > +        curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0) != CURLE_OK)
> > {
> > +        goto fail;
> > +    }
> >  
> >      if (curl_easy_perform(curl) != CURLE_OK) {
> > -        err = 1;
> > -        fclose(file);
> > -        unlink(name);
> > -        goto out_curl;
> > +        goto fail;
> >      }
> >  
> >      err = fclose(file);
> > @@ -44,4 +42,12 @@ out_curl:
> >      curl_easy_cleanup(curl);
> >  
> >      return err;
> > +
> > +fail:
> > +    err = 1;
> > +    if (file) {
> > +        fclose(file);
> > +        unlink(name);
> > +    }
> > +    goto out_curl;
> >  }
> >   
> 
> Counter proposal without goto and less ifs:
> 
> -- >8 --  
> @@ -25,21 +25,19 @@ int download_url(const char *name, const char
> *url) goto out_curl;
>      }
> 
> -    curl_easy_setopt(curl, CURLOPT_URL, url);
> -    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL);
> -    curl_easy_setopt(curl, CURLOPT_WRITEDATA, file);
> -    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
> -    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0);
> -
> -    if (curl_easy_perform(curl) != CURLE_OK) {
> -        err = 1;
> -        fclose(file);
> +    if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK
> +            || curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL) !=
> CURLE_OK
> +            || curl_easy_setopt(curl, CURLOPT_WRITEDATA, file) !=
> CURLE_OK
> +            || curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1) !=
> CURLE_OK
> +            || curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0) !=
> CURLE_OK
> +            || curl_easy_perform(curl) != CURLE_OK) {
>          unlink(name);
> -        goto out_curl;
> +        fclose(file);
> +        err = 1;
> +    } else {
> +        err = fclose(file);
>      }
> 
> -    err = fclose(file);
> -
>  out_curl:
>      curl_easy_cleanup(curl);
> 
> ---
> 

Honestly, I would prefer this version over the original patch.
In any way, I have tested both of them.

Philippe Mathieu-Daudé Sept. 8, 2021, 11:25 p.m. UTC | #3

On 9/8/21 11:43 PM, Viktor Prutyanov wrote:
> On Wed, 1 Sep 2021 17:25:09 +0200
> Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
> 
>> On 9/1/21 4:39 PM, Peter Maydell wrote:
>>> Coverity points out that we aren't checking the return value
>>> from curl_easy_setopt().
>>>
>>> Fixes: Coverity CID 1458895
>>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>>> ---
>>>  contrib/elf2dmp/download.c | 28 +++++++++++++++++-----------
>>>  1 file changed, 17 insertions(+), 11 deletions(-)
>>>
>>> diff --git a/contrib/elf2dmp/download.c b/contrib/elf2dmp/download.c
>>> index d09e607431f..01e4a7fc0dc 100644
>>> --- a/contrib/elf2dmp/download.c
>>> +++ b/contrib/elf2dmp/download.c
>>> @@ -21,21 +21,19 @@ int download_url(const char *name, const char
>>> *url) 
>>>      file = fopen(name, "wb");
>>>      if (!file) {
>>> -        err = 1;
>>> -        goto out_curl;
>>> +        goto fail;
>>>      }
>>>  
>>> -    curl_easy_setopt(curl, CURLOPT_URL, url);
>>> -    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL);
>>> -    curl_easy_setopt(curl, CURLOPT_WRITEDATA, file);
>>> -    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
>>> -    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0);
>>> +    if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK ||
>>> +        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL) !=
>>> CURLE_OK ||
>>> +        curl_easy_setopt(curl, CURLOPT_WRITEDATA, file) !=
>>> CURLE_OK ||
>>> +        curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1) !=
>>> CURLE_OK ||
>>> +        curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0) != CURLE_OK)
>>> {
>>> +        goto fail;
>>> +    }
>>>  
>>>      if (curl_easy_perform(curl) != CURLE_OK) {
>>> -        err = 1;
>>> -        fclose(file);
>>> -        unlink(name);
>>> -        goto out_curl;
>>> +        goto fail;
>>>      }
>>>  
>>>      err = fclose(file);
>>> @@ -44,4 +42,12 @@ out_curl:
>>>      curl_easy_cleanup(curl);
>>>  
>>>      return err;
>>> +
>>> +fail:
>>> +    err = 1;
>>> +    if (file) {
>>> +        fclose(file);
>>> +        unlink(name);
>>> +    }
>>> +    goto out_curl;
>>>  }
>>>   
>>
>> Counter proposal without goto and less ifs:
>>
>> -- >8 --  
>> @@ -25,21 +25,19 @@ int download_url(const char *name, const char
>> *url) goto out_curl;
>>      }
>>
>> -    curl_easy_setopt(curl, CURLOPT_URL, url);
>> -    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL);
>> -    curl_easy_setopt(curl, CURLOPT_WRITEDATA, file);
>> -    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
>> -    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0);
>> -
>> -    if (curl_easy_perform(curl) != CURLE_OK) {
>> -        err = 1;
>> -        fclose(file);
>> +    if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK
>> +            || curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL) !=
>> CURLE_OK
>> +            || curl_easy_setopt(curl, CURLOPT_WRITEDATA, file) !=
>> CURLE_OK
>> +            || curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1) !=
>> CURLE_OK
>> +            || curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0) !=
>> CURLE_OK
>> +            || curl_easy_perform(curl) != CURLE_OK) {
>>          unlink(name);
>> -        goto out_curl;
>> +        fclose(file);
>> +        err = 1;
>> +    } else {
>> +        err = fclose(file);
>>      }
>>
>> -    err = fclose(file);
>> -
>>  out_curl:
>>      curl_easy_cleanup(curl);
>>
>> ---
>>
> 
> Honestly, I would prefer this version over the original patch.
> In any way, I have tested both of them.

OK I will post this properly and let Peter pick whichever he
prefers. Do you mind to reply to the cover letter with a
"Tested-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu>"
tag?

diff --git a/contrib/elf2dmp/download.c b/contrib/elf2dmp/download.c
index d09e607431f..01e4a7fc0dc 100644
--- a/contrib/elf2dmp/download.c
+++ b/contrib/elf2dmp/download.c
@@ -21,21 +21,19 @@  int download_url(const char *name, const char *url)
 
     file = fopen(name, "wb");
     if (!file) {
-        err = 1;
-        goto out_curl;
+        goto fail;
     }
 
-    curl_easy_setopt(curl, CURLOPT_URL, url);
-    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL);
-    curl_easy_setopt(curl, CURLOPT_WRITEDATA, file);
-    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
-    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0);
+    if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK ||
+        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL) != CURLE_OK ||
+        curl_easy_setopt(curl, CURLOPT_WRITEDATA, file) != CURLE_OK ||
+        curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1) != CURLE_OK ||
+        curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0) != CURLE_OK) {
+        goto fail;
+    }
 
     if (curl_easy_perform(curl) != CURLE_OK) {
-        err = 1;
-        fclose(file);
-        unlink(name);
-        goto out_curl;
+        goto fail;
     }
 
     err = fclose(file);
@@ -44,4 +42,12 @@  out_curl:
     curl_easy_cleanup(curl);
 
     return err;
+
+fail:
+    err = 1;
+    if (file) {
+        fclose(file);
+        unlink(name);
+    }
+    goto out_curl;
 }

[1/2] elf2dmp: Check curl_easy_setopt() return value

Commit Message

Comments

Patch