[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 01/15] sheepdog: Defuse time bomb in sd_open() error
|
From: |
Markus Armbruster |
|
Subject: |
[Qemu-devel] [PATCH 01/15] sheepdog: Defuse time bomb in sd_open() error handling |
|
Date: |
Thu, 2 Mar 2017 22:43:52 +0100 |
When qemu_opts_absorb_qdict() fails, sd_open() closes stdin, because
sd->fd is still zero. Fortunately, qemu_opts_absorb_qdict() can't
fail, because:
1. it only fails when qemu_opt_parse() fails, and
2. the only member of runtime_opts.desc[] is a QEMU_OPT_STRING, and
3. qemu_opt_parse() can't fail for QEMU_OPT_STRING.
Defuse this ticking time bomb by jumping behind the file descriptor
cleanup on error.
Also do that for the error paths where sd->fd is still -1. The file
descriptor cleanup happens to do nothing then, but let's not rely on
that here.
Signed-off-by: Markus Armbruster <address@hidden>
---
block/sheepdog.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/block/sheepdog.c b/block/sheepdog.c
index 860ba61..fe15723 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -1392,7 +1392,7 @@ static int sd_open(BlockDriverState *bs, QDict *options,
int flags,
if (local_err) {
error_propagate(errp, local_err);
ret = -EINVAL;
- goto out;
+ goto out_no_fd;
}
filename = qemu_opt_get(opts, "filename");
@@ -1412,12 +1412,12 @@ static int sd_open(BlockDriverState *bs, QDict
*options, int flags,
}
if (ret < 0) {
error_setg(errp, "Can't parse filename");
- goto out;
+ goto out_no_fd;
}
s->fd = get_sheep_fd(s, errp);
if (s->fd < 0) {
ret = s->fd;
- goto out;
+ goto out_no_fd;
}
ret = find_vdi_name(s, vdi, snapid, tag, &vid, true, errp);
@@ -1472,6 +1472,7 @@ out:
if (s->fd >= 0) {
closesocket(s->fd);
}
+out_no_fd:
qemu_opts_del(opts);
g_free(buf);
return ret;
--
2.7.4
- Re: [Qemu-devel] [Qemu-block] [PATCH 11/15] gluster: Don't duplicate qapi-util.c's qapi_enum_parse(), (continued)
- [Qemu-devel] [PATCH 03/15] sheepdog: Fix error handling sd_create(), Markus Armbruster, 2017/03/02
- [Qemu-devel] [PATCH 10/15] gluster: Drop assumptions on SocketTransport names, Markus Armbruster, 2017/03/02
- [Qemu-devel] [PATCH 04/15] sheepdog: Mark sd_snapshot_delete() lossage FIXME, Markus Armbruster, 2017/03/02
- [Qemu-devel] [PATCH 01/15] sheepdog: Defuse time bomb in sd_open() error handling,
Markus Armbruster <=
- [Qemu-devel] [PATCH 06/15] sheepdog: Don't truncate long VDI name in _open(), _create(), Markus Armbruster, 2017/03/02
- Re: [Qemu-devel] [PATCH 06/15] sheepdog: Don't truncate long VDI name in _open(), _create(), Philippe Mathieu-Daudé, 2017/03/02
- [Qemu-devel] [PATCH 02/15] sheepdog: Fix error handling in sd_snapshot_delete(), Markus Armbruster, 2017/03/02