[v3,1/4] qemu-ga: 'Null' check for mandatory parameters

Message ID	20241021132839.463255-7-demeng@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Dehan Meng <demeng@redhat.com> To: qemu-devel@nongnu.org Cc: demeng@redhat.com, kkostiuk@redhat.com, michael.roth@amd.com, peter.maydell@linaro.org, berrange@redhat.com Subject: [PATCH v3 1/4] qemu-ga: 'Null' check for mandatory parameters Date: Mon, 21 Oct 2024 21:28:36 +0800 Message-Id: <20241021132839.463255-7-demeng@redhat.com> In-Reply-To: <20241021132839.463255-1-demeng@redhat.com> References: <20241021132839.463255-1-demeng@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.133.124; envelope-from=demeng@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.421, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Series	[v3,1/4] qemu-ga: 'Null' check for mandatory parameters \| expand [v3,1/4] qemu-ga: 'Null' check for mandatory parameters

Message ID

20241021132839.463255-7-demeng@redhat.com

State

New

Headers

From: Dehan Meng <demeng@redhat.com>
To: qemu-devel@nongnu.org
Cc: demeng@redhat.com, kkostiuk@redhat.com, michael.roth@amd.com,
 peter.maydell@linaro.org, berrange@redhat.com
Subject: [PATCH v3 1/4] qemu-ga: 'Null' check for mandatory parameters
Date: Mon, 21 Oct 2024 21:28:36 +0800
Message-Id: <20241021132839.463255-7-demeng@redhat.com>
In-Reply-To: <20241021132839.463255-1-demeng@redhat.com>
References: <20241021132839.463255-1-demeng@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.133.124; envelope-from=demeng@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.421,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Series

[v3,1/4] qemu-ga: 'Null' check for mandatory parameters | expand

sscanf return values are checked and add 'Null' check for mandatory parameters. Signed-off-by: Dehan Meng <demeng@redhat.com> --- qga/commands-linux.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)

Comments

Daniel P. Berrangé Oct. 21, 2024, 4:45 p.m. UTC | #1

On Mon, Oct 21, 2024 at 09:28:36PM +0800, Dehan Meng wrote:
> sscanf return values are checked and add 'Null' check for
> mandatory parameters.
> 
> Signed-off-by: Dehan Meng <demeng@redhat.com>
> ---
>  qga/commands-linux.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/qga/commands-linux.c b/qga/commands-linux.c
> index 51d5e3d927..f0e9cdd27c 100644
> --- a/qga/commands-linux.c
> +++ b/qga/commands-linux.c
> @@ -2103,7 +2103,9 @@ static char *hexToIPAddress(const void *hexValue, int is_ipv6)
>          int i;
>  
>          for (i = 0; i < 16; i++) {
> -            sscanf(&hexStr[i * 2], "%02hhx", &in6.s6_addr[i]);
> +            if (sscanf(&hex_str[i * 2], "%02hhx", &in6.s6_addr[i]) != 1) {
> +                return NULL;
> +            }
>          }
>          inet_ntop(AF_INET6, &in6, addr, INET6_ADDRSTRLEN);
>  
> @@ -2164,6 +2166,10 @@ GuestNetworkRouteList *qmp_guest_network_get_route(Error **errp)
>                  networkroute = route;
>                  networkroute->iface = g_strdup(Iface);
>                  networkroute->destination = hexToIPAddress(Destination, 1);
> +                if (networkroute->destination == NULL) {
> +                    g_free(route);
> +                    continue;
> +                }

This is still leaking the 'networkroute->iface' string.

The existing code is a bit strange having 'route' and 'networkroute'
variables.

I'd suggest removing the "route" variable entirely.

Then have a code pattern that relies on g_autoptr to automatically
free the struct & all its fields.

eg something that looks approx like this:

   g_autoptr(GuestNetorkRoute) networkroute = NULL;

   ...
   
   if (is_ipv6) {
       ...
       networkroute = g_new0(GuestNetorkRoute, 1);
       networkroute->iface = g_strdup(Iface);
       networkroute->destination = hexToIPAddress(Destination, 1);
       if (networkroute->destination == NULL) {
          continue;
       }
       ...
   } else {
       ...
       networkroute = g_new0(GuestNetorkRoute, 1);
       networkroute->iface = g_strdup(Iface);
       networkroute->destination = hexToIPAddress(Destination, 1);
       if (networkroute->destination == NULL) {
          continue;
       }
       ...
   }

   QAPI_LIST_APPEND(tail, g_steal_pointer(&networkroute));
  

>                  networkroute->metric = Metric;
>                  networkroute->source = hexToIPAddress(Source, 1);
>                  networkroute->desprefixlen = g_strdup_printf(
> @@ -2195,6 +2201,10 @@ GuestNetworkRouteList *qmp_guest_network_get_route(Error **errp)
>                  networkroute = route;
>                  networkroute->iface = g_strdup(Iface);
>                  networkroute->destination = hexToIPAddress(&Destination, 0);
> +                if (networkroute->destination == NULL) {
> +                    g_free(route);
> +                    continue;
> +                }
>                  networkroute->gateway = hexToIPAddress(&Gateway, 0);
>                  networkroute->mask = hexToIPAddress(&Mask, 0);
>                  networkroute->metric = Metric;
> -- 
> 2.40.1
> 

With regards,
Daniel

Konstantin Kostiuk Oct. 21, 2024, 5:13 p.m. UTC | #2

On Mon, Oct 21, 2024 at 7:45 PM Daniel P. Berrangé <berrange@redhat.com>
wrote:

> On Mon, Oct 21, 2024 at 09:28:36PM +0800, Dehan Meng wrote:
> > sscanf return values are checked and add 'Null' check for
> > mandatory parameters.
> >
> > Signed-off-by: Dehan Meng <demeng@redhat.com>
> > ---
> >  qga/commands-linux.c | 12 +++++++++++-
> >  1 file changed, 11 insertions(+), 1 deletion(-)
> >
> > diff --git a/qga/commands-linux.c b/qga/commands-linux.c
> > index 51d5e3d927..f0e9cdd27c 100644
> > --- a/qga/commands-linux.c
> > +++ b/qga/commands-linux.c
> > @@ -2103,7 +2103,9 @@ static char *hexToIPAddress(const void *hexValue,
> int is_ipv6)
> >          int i;
> >
> >          for (i = 0; i < 16; i++) {
> > -            sscanf(&hexStr[i * 2], "%02hhx", &in6.s6_addr[i]);
> > +            if (sscanf(&hex_str[i * 2], "%02hhx", &in6.s6_addr[i]) !=
> 1) {
> > +                return NULL;
> > +            }
> >          }
> >          inet_ntop(AF_INET6, &in6, addr, INET6_ADDRSTRLEN);
> >
> > @@ -2164,6 +2166,10 @@ GuestNetworkRouteList
> *qmp_guest_network_get_route(Error **errp)
> >                  networkroute = route;
> >                  networkroute->iface = g_strdup(Iface);
> >                  networkroute->destination = hexToIPAddress(Destination,
> 1);
> > +                if (networkroute->destination == NULL) {
> > +                    g_free(route);
> > +                    continue;
> > +                }
>
> This is still leaking the 'networkroute->iface' string.
>
> The existing code is a bit strange having 'route' and 'networkroute'
> variables.
>
> I'd suggest removing the "route" variable entirely.
>

This part was done in patch 4/4


>
> Then have a code pattern that relies on g_autoptr to automatically
> free the struct & all its fields.
>

Agree with this


>
> eg something that looks approx like this:
>
>    g_autoptr(GuestNetorkRoute) networkroute = NULL;
>
>    ...
>
>    if (is_ipv6) {
>        ...
>        networkroute = g_new0(GuestNetorkRoute, 1);
>        networkroute->iface = g_strdup(Iface);
>        networkroute->destination = hexToIPAddress(Destination, 1);
>        if (networkroute->destination == NULL) {
>           continue;
>        }
>        ...
>    } else {
>        ...
>        networkroute = g_new0(GuestNetorkRoute, 1);
>        networkroute->iface = g_strdup(Iface);
>        networkroute->destination = hexToIPAddress(Destination, 1);
>        if (networkroute->destination == NULL) {
>           continue;
>        }
>        ...
>    }
>
>    QAPI_LIST_APPEND(tail, g_steal_pointer(&networkroute));
>
>
> >                  networkroute->metric = Metric;
> >                  networkroute->source = hexToIPAddress(Source, 1);
> >                  networkroute->desprefixlen = g_strdup_printf(
> > @@ -2195,6 +2201,10 @@ GuestNetworkRouteList
> *qmp_guest_network_get_route(Error **errp)
> >                  networkroute = route;
> >                  networkroute->iface = g_strdup(Iface);
> >                  networkroute->destination =
> hexToIPAddress(&Destination, 0);
> > +                if (networkroute->destination == NULL) {
> > +                    g_free(route);
> > +                    continue;
> > +                }
> >                  networkroute->gateway = hexToIPAddress(&Gateway, 0);
> >                  networkroute->mask = hexToIPAddress(&Mask, 0);
> >                  networkroute->metric = Metric;
> > --
> > 2.40.1
> >
>
> With regards,
> Daniel
> --
> |: https://berrange.com      -o-
> https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-
> https://www.instagram.com/dberrange :|
>
>

Dehan Meng Oct. 22, 2024, 10:37 a.m. UTC | #3

okay, thanks all for the suggestions, I'll make changes to a new commit, so
that you can review the commit5 later.

On Tue, Oct 22, 2024 at 1:14 AM Konstantin Kostiuk <kkostiuk@redhat.com>
wrote:

>
>
> On Mon, Oct 21, 2024 at 7:45 PM Daniel P. Berrangé <berrange@redhat.com>
> wrote:
>
>> On Mon, Oct 21, 2024 at 09:28:36PM +0800, Dehan Meng wrote:
>> > sscanf return values are checked and add 'Null' check for
>> > mandatory parameters.
>> >
>> > Signed-off-by: Dehan Meng <demeng@redhat.com>
>> > ---
>> >  qga/commands-linux.c | 12 +++++++++++-
>> >  1 file changed, 11 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/qga/commands-linux.c b/qga/commands-linux.c
>> > index 51d5e3d927..f0e9cdd27c 100644
>> > --- a/qga/commands-linux.c
>> > +++ b/qga/commands-linux.c
>> > @@ -2103,7 +2103,9 @@ static char *hexToIPAddress(const void *hexValue,
>> int is_ipv6)
>> >          int i;
>> >
>> >          for (i = 0; i < 16; i++) {
>> > -            sscanf(&hexStr[i * 2], "%02hhx", &in6.s6_addr[i]);
>> > +            if (sscanf(&hex_str[i * 2], "%02hhx", &in6.s6_addr[i]) !=
>> 1) {
>> > +                return NULL;
>> > +            }
>> >          }
>> >          inet_ntop(AF_INET6, &in6, addr, INET6_ADDRSTRLEN);
>> >
>> > @@ -2164,6 +2166,10 @@ GuestNetworkRouteList
>> *qmp_guest_network_get_route(Error **errp)
>> >                  networkroute = route;
>> >                  networkroute->iface = g_strdup(Iface);
>> >                  networkroute->destination =
>> hexToIPAddress(Destination, 1);
>> > +                if (networkroute->destination == NULL) {
>> > +                    g_free(route);
>> > +                    continue;
>> > +                }
>>
>> This is still leaking the 'networkroute->iface' string.
>>
>> The existing code is a bit strange having 'route' and 'networkroute'
>> variables.
>>
>> I'd suggest removing the "route" variable entirely.
>>
>
> This part was done in patch 4/4
>
>
>>
>> Then have a code pattern that relies on g_autoptr to automatically
>> free the struct & all its fields.
>>
>
> Agree with this
>
>
>>
>> eg something that looks approx like this:
>>
>>    g_autoptr(GuestNetorkRoute) networkroute = NULL;
>>
>>    ...
>>
>>    if (is_ipv6) {
>>        ...
>>        networkroute = g_new0(GuestNetorkRoute, 1);
>>        networkroute->iface = g_strdup(Iface);
>>        networkroute->destination = hexToIPAddress(Destination, 1);
>>        if (networkroute->destination == NULL) {
>>           continue;
>>        }
>>        ...
>>    } else {
>>        ...
>>        networkroute = g_new0(GuestNetorkRoute, 1);
>>        networkroute->iface = g_strdup(Iface);
>>        networkroute->destination = hexToIPAddress(Destination, 1);
>>        if (networkroute->destination == NULL) {
>>           continue;
>>        }
>>        ...
>>    }
>>
>>    QAPI_LIST_APPEND(tail, g_steal_pointer(&networkroute));
>>
>>
>> >                  networkroute->metric = Metric;
>> >                  networkroute->source = hexToIPAddress(Source, 1);
>> >                  networkroute->desprefixlen = g_strdup_printf(
>> > @@ -2195,6 +2201,10 @@ GuestNetworkRouteList
>> *qmp_guest_network_get_route(Error **errp)
>> >                  networkroute = route;
>> >                  networkroute->iface = g_strdup(Iface);
>> >                  networkroute->destination =
>> hexToIPAddress(&Destination, 0);
>> > +                if (networkroute->destination == NULL) {
>> > +                    g_free(route);
>> > +                    continue;
>> > +                }
>> >                  networkroute->gateway = hexToIPAddress(&Gateway, 0);
>> >                  networkroute->mask = hexToIPAddress(&Mask, 0);
>> >                  networkroute->metric = Metric;
>> > --
>> > 2.40.1
>> >
>>
>> With regards,
>> Daniel
>> --
>> |: https://berrange.com      -o-
>> https://www.flickr.com/photos/dberrange :|
>> |: https://libvirt.org         -o-
>> https://fstop138.berrange.com :|
>> |: https://entangle-photo.org    -o-
>> https://www.instagram.com/dberrange :|
>>
>>

diff --git a/qga/commands-linux.c b/qga/commands-linux.c
index 51d5e3d927..f0e9cdd27c 100644
--- a/qga/commands-linux.c
+++ b/qga/commands-linux.c
@@ -2103,7 +2103,9 @@  static char *hexToIPAddress(const void *hexValue, int is_ipv6)
         int i;
 
         for (i = 0; i < 16; i++) {
-            sscanf(&hexStr[i * 2], "%02hhx", &in6.s6_addr[i]);
+            if (sscanf(&hex_str[i * 2], "%02hhx", &in6.s6_addr[i]) != 1) {
+                return NULL;
+            }
         }
         inet_ntop(AF_INET6, &in6, addr, INET6_ADDRSTRLEN);
 
@@ -2164,6 +2166,10 @@  GuestNetworkRouteList *qmp_guest_network_get_route(Error **errp)
                 networkroute = route;
                 networkroute->iface = g_strdup(Iface);
                 networkroute->destination = hexToIPAddress(Destination, 1);
+                if (networkroute->destination == NULL) {
+                    g_free(route);
+                    continue;
+                }
                 networkroute->metric = Metric;
                 networkroute->source = hexToIPAddress(Source, 1);
                 networkroute->desprefixlen = g_strdup_printf(
@@ -2195,6 +2201,10 @@  GuestNetworkRouteList *qmp_guest_network_get_route(Error **errp)
                 networkroute = route;
                 networkroute->iface = g_strdup(Iface);
                 networkroute->destination = hexToIPAddress(&Destination, 0);
+                if (networkroute->destination == NULL) {
+                    g_free(route);
+                    continue;
+                }
                 networkroute->gateway = hexToIPAddress(&Gateway, 0);
                 networkroute->mask = hexToIPAddress(&Mask, 0);
                 networkroute->metric = Metric;

[v3,1/4] qemu-ga: 'Null' check for mandatory parameters

Commit Message

Comments

Patch