05bba0
From c44c930396e5c19511f36bc45c3f386966b15f9d Mon Sep 17 00:00:00 2001
05bba0
From: Richard Jones <rjones@redhat.com>
05bba0
Date: Thu, 11 Jun 2015 11:40:28 +0200
05bba0
Subject: [PATCH 28/30] block/curl: Improve type safety of s->timeout.
05bba0
05bba0
Message-id: <1434022828-13037-22-git-send-email-rjones@redhat.com>
05bba0
Patchwork-id: 65856
05bba0
O-Subject: [RHEL-7.2 qemu-kvm v3 PATCH 21/21] block/curl: Improve type safety of s->timeout.
05bba0
Bugzilla: 1226684
05bba0
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
05bba0
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
05bba0
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
05bba0
05bba0
From: "Richard W.M. Jones" <rjones@redhat.com>
05bba0
05bba0
qemu_opt_get_number returns a uint64_t, and curl_easy_setopt expects a
05bba0
long (not an int).  There is no warning about the latter type error
05bba0
because curl_easy_setopt uses a varargs argument.
05bba0
05bba0
Store the timeout (which is a positive number of seconds) as a
05bba0
uint64_t.  Check that the number given by the user is reasonable.
05bba0
Zero is permissible (meaning no timeout is enforced by cURL).
05bba0
05bba0
Cast it to long before calling curl_easy_setopt to fix the type error.
05bba0
05bba0
Example error message after this change has been applied:
05bba0
05bba0
$ ./qemu-img create -f qcow2 /tmp/test.qcow2 \
05bba0
    -b 'json: { "file.driver":"https",
05bba0
                "file.url":"https://foo/bar",
05bba0
                "file.timeout":-1 }'
05bba0
qemu-img: /tmp/test.qcow2: Could not open 'json: { "file.driver":"https", "file.url":"https://foo/bar", "file.timeout":-1 }': timeout parameter is too large or negative: Invalid argument
05bba0
05bba0
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
05bba0
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
05bba0
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
05bba0
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
05bba0
05bba0
Upstream-status: f76faeda4bd59f972d09dd9d954297f17c21dd60
05bba0
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
05bba0
---
05bba0
 block/curl.c | 9 +++++++--
05bba0
 1 file changed, 7 insertions(+), 2 deletions(-)
05bba0
05bba0
diff --git a/block/curl.c b/block/curl.c
05bba0
index 5b407aa..3088329 100644
05bba0
--- a/block/curl.c
05bba0
+++ b/block/curl.c
05bba0
@@ -64,6 +64,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
05bba0
 #define SECTOR_SIZE     512
05bba0
 #define READ_AHEAD_DEFAULT (256 * 1024)
05bba0
 #define CURL_TIMEOUT_DEFAULT 5
05bba0
+#define CURL_TIMEOUT_MAX 10000
05bba0
 
05bba0
 #define FIND_RET_NONE   0
05bba0
 #define FIND_RET_OK     1
05bba0
@@ -112,7 +113,7 @@ typedef struct BDRVCURLState {
05bba0
     char *url;
05bba0
     size_t readahead_size;
05bba0
     bool sslverify;
05bba0
-    int timeout;
05bba0
+    uint64_t timeout;
05bba0
     char *cookie;
05bba0
     bool accept_range;
05bba0
 } BDRVCURLState;
05bba0
@@ -387,7 +388,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
05bba0
         if (s->cookie) {
05bba0
             curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
05bba0
         }
05bba0
-        curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
05bba0
+        curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout);
05bba0
         curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
05bba0
                          (void *)curl_read_cb);
05bba0
         curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state);
05bba0
@@ -496,6 +497,10 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
05bba0
 
05bba0
     s->timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
05bba0
                                      CURL_TIMEOUT_DEFAULT);
05bba0
+    if (s->timeout > CURL_TIMEOUT_MAX) {
05bba0
+        error_setg(errp, "timeout parameter is too large or negative");
05bba0
+        goto out_noclean;
05bba0
+    }
05bba0
 
05bba0
     s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
05bba0
 
05bba0
-- 
05bba0
1.8.3.1
05bba0