[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH for-3.2 05/13] slirp: remove unused EMU_RSH
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [PATCH for-3.2 05/13] slirp: remove unused EMU_RSH |
|
Date: |
Thu, 15 Nov 2018 14:15:25 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 |
On 10/11/2018 14:45, Marc-André Lureau wrote:
> EMU_RSH handling was dropped in commit
> 0d62c4cfe21752df4c1d6e2c2398f15d5eaa794a.
>
> The assignment, and subsequent free() of ex_ptr->ex_exec to so->extra
> looks unsafe (double free is likely to occur).
>
> Signed-off-by: Marc-André Lureau <address@hidden>
> ---
> slirp/misc.h | 1 -
> slirp/slirp.c | 2 --
> slirp/socket.c | 4 ----
> slirp/tcp_subr.c | 1 -
> 4 files changed, 8 deletions(-)
>
> diff --git a/slirp/misc.h b/slirp/misc.h
> index 64ca88c3b7..94829722cd 100644
> --- a/slirp/misc.h
> +++ b/slirp/misc.h
> @@ -26,7 +26,6 @@ struct ex_list {
> #define EMU_REALAUDIO 0x5
> #define EMU_RLOGIN 0x6
> #define EMU_IDENT 0x7
> -#define EMU_RSH 0x8
>
> #define EMU_NOCONNECT 0x10 /* Don't connect */
>
> diff --git a/slirp/slirp.c b/slirp/slirp.c
> index 58d1ef64e9..daa0d5d4bd 100644
> --- a/slirp/slirp.c
> +++ b/slirp/slirp.c
> @@ -1491,8 +1491,6 @@ static int slirp_state_load(QEMUFile *f, void *opaque,
> int version_id)
> }
> if (!ex_ptr)
> return -EINVAL;
> -
> - so->extra = (void *)ex_ptr->ex_exec;
> }
>
> return vmstate_load_state(f, &vmstate_slirp, slirp, version_id);
> diff --git a/slirp/socket.c b/slirp/socket.c
> index 322383a1f9..ff6ef1e334 100644
> --- a/slirp/socket.c
> +++ b/slirp/socket.c
> @@ -91,10 +91,6 @@ sofree(struct socket *so)
> soqfree(so, &slirp->if_fastq);
> soqfree(so, &slirp->if_batchq);
>
> - if (so->so_emu==EMU_RSH && so->extra) {
> - sofree(so->extra);
> - so->extra=NULL;
> - }
> if (so == slirp->tcp_last_so) {
> slirp->tcp_last_so = &slirp->tcb;
> } else if (so == slirp->udp_last_so) {
> diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
> index e0bf7ad070..eb894b6527 100644
> --- a/slirp/tcp_subr.c
> +++ b/slirp/tcp_subr.c
> @@ -546,7 +546,6 @@ static const struct tos_t tcptos[] = {
> {0, 23, IPTOS_LOWDELAY, 0}, /* telnet */
> {0, 80, IPTOS_THROUGHPUT, 0}, /* WWW */
> {0, 513, IPTOS_LOWDELAY, EMU_RLOGIN|EMU_NOCONNECT}, /* rlogin */
> - {0, 514, IPTOS_LOWDELAY, EMU_RSH|EMU_NOCONNECT}, /* shell */
> {0, 544, IPTOS_LOWDELAY, EMU_KSH}, /* kshell */
> {0, 543, IPTOS_LOWDELAY, 0}, /* klogin */
> {0, 6667, IPTOS_THROUGHPUT, EMU_IRC}, /* IRC */
>
Ouch, do we really want to have a stateful firewall in QEMU? I would
say burn all of tcp_emu with fire...
Paolo
- [Qemu-devel] [PATCH for-3.2 02/13] slirp: remove do_pty from fork_exec(), (continued)
- [Qemu-devel] [PATCH for-3.2 02/13] slirp: remove do_pty from fork_exec(), Marc-André Lureau, 2018/11/10
- [Qemu-devel] [PATCH for-3.2 03/13] slirp: replace ex_pty with ex_chardev, Marc-André Lureau, 2018/11/10
- [Qemu-devel] [PATCH for-3.2 07/13] slirp: move internal function declarations, Marc-André Lureau, 2018/11/10
- [Qemu-devel] [PATCH for-3.2 06/13] slirp: rename /extra/chardev, Marc-André Lureau, 2018/11/10
- [Qemu-devel] [PATCH for-3.2 05/13] slirp: remove unused EMU_RSH, Marc-André Lureau, 2018/11/10
- [Qemu-devel] [PATCH for-3.2 08/13] slirp: remove Monitor dependency, return a string for info, Marc-André Lureau, 2018/11/10
- [Qemu-devel] [PATCH for-3.2 04/13] slirp: use a dedicated field for chardev pointer, Marc-André Lureau, 2018/11/10
- [Qemu-devel] [PATCH for-3.2 09/13] slirp: fix slirp_add_exec() leaks, Marc-André Lureau, 2018/11/10
- [Qemu-devel] [PATCH for-3.2 10/13] slirp: improve subprocess socket creation, Marc-André Lureau, 2018/11/10