aboutsummaryrefslogtreecommitdiff
path: root/slirp
AgeCommit message (Collapse)Author
2016-05-18Fix some typos found by codespellStefan Weil
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-05-16slirp: Clean up osdep.h related header inclusionsThomas Huth
qemu/osdep.h is included in some headers twice - one time should be sufficient. Also remove the inclusion of time.h since that is already done by osdep.h, too (this makes scripts/clean-includes happy again). Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-05-16slirp: Remove some unused code from slirp.hThomas Huth
These hunks are apparently not used anymore, so let's delete them. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-05-16slirp: Remove obsolete backward-compatibility cruftThomas Huth
The slirp code does not use index() and gethostid() anymore, so these parts can be removed without problems. memmove() and strerror() should be available on each of the supported platforms nowadays, too, so these wrappers are also not needed anymore. And we certainly also do not support Ultrix anymore, so no need to keep the code for this platform anymore. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-05-16slirp: Clean up slirp_config.hThomas Huth
There are a lot of unused #defines / #undefs in slirp_config.h, which are apparently left-overs from the very early slirp code. Since there is no more code that uses them, let's simply remove them from our version of slirp. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-04-28slirp: fix guest network access with darwin hostSamuel Thibault
On Darwin, connect, sendto and friends want the exact size of the sockaddr, not more (and in particular, not sizeof(struct sockaddr_storaget)) This commit adds the sockaddr_size helper to be used when passing a sockaddr size to such function, and makes use of it int sendto and connect calls. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: John Arbuckle <programmingkidx@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-15wxx: Fix broken TCP networking (regression)Stefan Weil
It is broken since commit c619644067f98098dcdbc951e2dda79e97560afa. Reported-by: Michael Fritscher <michael@fritscher.net> Tested-by: Michael Fritscher <michael@fritscher.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-07slirp: handle deferred ECONNREFUSED on non-blocking TCP socketsSteven Luo
slirp currently only handles ECONNREFUSED in the case where connect() returns immediately with that error; since we use non-blocking sockets, most of the time we won't receive the error until we later try to read from the socket. Ensure that we deliver the appropriate RST to the guest in this case. Signed-off-by: Steven Luo <steven+qemu@steven676.net> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-04-07slirp: Propagate host TCP RST to the guest.Edgar E. Iglesias
When the host aborts (RST) its side of a TCP connection we need to propagate that RST to the guest. The current code can leave such guest connections dangling forever. Spotted by Jason Wessel. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> [steven@steven676.net: coding style adjustments] Signed-off-by: Steven Luo <steven+qemu@steven676.net> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-04-07slirp: avoid use-after-free in slirp_pollfds_poll() if soread() returns an errorSteven Luo
Samuel Thibault pointed out that it's possible that slirp_pollfds_poll() will try to use a socket even after soread() returns an error, resulting in an use-after-free if the socket was removed while handling the error. Avoid this by refusing to continue to work with the socket in this case. Signed-off-by: Steven Luo <steven+qemu@steven676.net> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-04-07slirp: don't crash when tcp_sockclosed() is called with a NULL tpSteven Luo
Signed-off-by: Steven Luo <steven+qemu@steven676.net> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-04-01slirp: Allow disabling IPv4 or IPv6Samuel Thibault
Add ipv4 and ipv6 boolean options, so the user can setup IPv4-only and IPv6-only network environments. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-04-01slirp: Fix migration from older versions of QEMU to the current oneThomas Huth
While adding the IPv6 support, the commit eae303ff23f51259eddc8856c71453d8 ("slirp: Make Socket structure IPv6 compatible") changed the format of the migration stream, without taking into account that we might still receive an old migration stream layout when upgrading from QEMU version 2.5 (or older) to QEMU 2.6. Currently, QEMU bails out when doing a migration from QEMU 2.5 to the recent master version when it has been started with a "-net user,guestfwd=..." network. So let's fix this by checking the version ID of the migration stream and by using the old behavior if we've detected version 3 or less. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-03-29Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into ↵Peter Maydell
staging slirp updates # gpg: Signature made Tue 29 Mar 2016 00:16:05 BST using RSA key ID FB6B2F1D # gpg: Good signature from "Samuel Thibault <samuel.thibault@gnu.org>" # gpg: aka "Samuel Thibault <sthibault@debian.org>" # gpg: aka "Samuel Thibault <samuel.thibault@inria.fr>" # gpg: aka "Samuel Thibault <samuel.thibault@labri.fr>" # gpg: aka "Samuel Thibault <samuel.thibault@ens-lyon.org>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 900C B024 B679 31D4 0F82 304B D017 8C76 7D06 9EE6 # Subkey fingerprint: F632 74CD C630 0873 CB3D 29D9 E3E5 1CE8 FB6B 2F1D * remotes/thibault/tags/samuel-thibault: Rework ipv6 options Use C99 flexible array instead of 1-byte trailing array Avoid embedding struct mbuf in other structures slirp: send icmp6 errors when UDP send failed slirp: Fix memory leak on small incoming ipv4 packet Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-29Use C99 flexible array instead of 1-byte trailing arrayPeter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-03-23Avoid embedding struct mbuf in other structuresSamuel Thibault
struct mbuf uses a C99 open char array to allow inlining data. Inlining this in another structure is however a GNU extension. The inlines used so far in struct Slirp were actually only needed as head of struct mbuf lists. This replaces these inline with mere struct quehead, and use casts as appropriate. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-22slirp: send icmp6 errors when UDP send failedSamuel Thibault
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-22slirp: Fix memory leak on small incoming ipv4 packetSamuel Thibault
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-22util: move declarations out of qemu-common.hVeronia Bahaa
Move declarations out of qemu-common.h for functions declared in utils/ files: e.g. include/qemu/path.h for utils/path.c. Move inline functions out of qemu-common.h and into new files (e.g. include/qemu/bcd.h) Signed-off-by: Veronia Bahaa <veroniabahaa@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-16slirp/slirp.h: Remove now-empty #ifdefsPeter Maydell
After automatic cleanup to remove unnecessary #includes of headers that osdep.h provides, slirp.h has a few now unnecessary #ifdef/#endif pairs; remove them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 1456237112-32662-2-git-send-email-peter.maydell@linaro.org
2016-03-15slirp: Add IPv6 support to the TFTP codeThomas Huth
Add the handler code for incoming TFTP packets to udp6_input(), and make sure that the TFTP code can send packets with both, udp_output() and udp6_output() by introducing a wrapper function called tftp_udp_output(). Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-03-15qapi-schema, qemu-options & slirp: Adding Qemu options for IPv6 addressesYann Bordenave
This patch adds parameters to manage some new options in the qemu -net command. Slirp IPv6 address, network prefix, and DNS IPv6 address can be given in argument to the qemu command. Defaults parameters are respectively fec0::2, fec0::, /64 and fec0::3. Signed-off-by: Yann Bordenave <meow@meowstars.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Adding IPv6 address for DNS relayGuillaume Subiron
This patch adds an IPv6 address to the DNS relay. in6_equal_dns() is developed using this Slirp attribute. sotranslate_in/out/accept() are also updated to manage the IPv6 case so the guest can be able to join the host using one of the Slirp addresses. For now this only points to localhost. Further development will be needed to automatically fetch the IPv6 address from resolv.conf, and announce this via RDNSS. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Handle IPv6 in TCP functionsGuillaume Subiron
This patch adds IPv6 case in TCP functions refactored by the last patches. This also adds IPv6 pseudo-header in tcpiphdr structure. Finally, tcp_input() is called by ip6_input(). Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Reindent after refactoringGuillaume Subiron
No code change. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Generalizing and neutralizing various TCP functions before adding ↵Guillaume Subiron
IPv6 stuff Basically, this patch adds some switch in various TCP functions to prepare them for the IPv6 case. To have something to "switch" in tcp_input() and tcp_respond(), a new argument is used to give them the sa_family of the addresses they are working on. This patch does not include the entailed reindentation, to make proofread easier. Reindentation is adressed in the following no-op patch. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Factorizing tcpiphdr structure with an unionGuillaume Subiron
This patch factorizes the tcpiphdr structure to put the IPv4 fields in an union, for addition of version 6 in further patch. Using some macros, retrocompatibility of the existing code is assured. This patch also fixes the SLIRP_MSIZE and margin computation in various functions, and makes them compatible with the new tcpiphdr structure, whose size will be bigger than sizeof(struct tcphdr) + sizeof(struct ip) Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Adding IPv6 UDP supportGuillaume Subiron
This adds the sin6 case in the fhost and lhost unions and related macros. It adds udp6_input() and udp6_output(). It adds the IPv6 case in sorecvfrom(). Finally, udp_input() is called by ip6_input(). Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Adding ICMPv6 error sendingYann Bordenave
Adding icmp6_send_error to send ICMPv6 Error messages. This function is simpler than the v4 version. Adding some calls in various functions to send ICMP errors, when a received packet is too big, or when its hop limit is 0. Signed-off-by: Yann Bordenave <meow@meowstars.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Fix ICMP error sendingYann Bordenave
Disambiguation : icmp_error is renamed into icmp_send_error, since it doesn't manage errors, but only sends ICMP Error messages. Signed-off-by: Yann Bordenave <meow@meowstars.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15slirp: Adding IPv6, ICMPv6 Echo and NDP autoconfigurationGuillaume Subiron
This patch adds the functions needed to handle IPv6 packets. ICMPv6 and NDP headers are implemented. Slirp is now able to send NDP Router or Neighbor Advertisement when it receives Router or Neighbor Solicitation. Using a 64bit-sized IPv6 prefix, the guest is now able to perform stateless autoconfiguration (SLAAC) and to compute its IPv6 address. This patch adds an ndp_table, mainly inspired by arp_table, to keep an NDP cache and manage network address resolution. Slirp regularly sends NDP Neighbor Advertisement, as recommended by the RFC, to make the guest refresh its route. This also adds ip6_cksum() to compute ICMPv6 checksums using IPv6 pseudo-header. Some #define ETH_* are moved upper in slirp.h to make them accessible to other slirp/*.h Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-10osdep: remove use of socket_error() from all codeDaniel P. Berrange
Now that QEMU wraps the Win32 sockets methods to automatically set errno upon failure, there is no reason for callers to use the socket_error() method. They can rely on accessing errno even on Win32. Remove all use of socket_error() from general code, leaving it as a static method in oslib-win32.c only. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-10osdep: add wrappers for socket functionsDaniel P. Berrange
The windows socket functions look identical to the normal POSIX sockets functions, but instead of setting errno, the caller needs to call WSAGetLastError(). QEMU has tried to deal with this incompatibility by defining a socket_error() method that callers must use that abstracts the difference between WSAGetLastError() and errno. This approach is somewhat error prone though - many callers of the sockets functions are just using errno directly because it is easy to forget the need use a QEMU specific wrapper. It is not always immediately obvious that a particular function will in fact call into Windows sockets functions, so the dev may not even realize they need to use socket_error(). This introduces an alternative approach to portability inspired by the way GNULIB fixes portability problems. We use a macro to redefine the original socket function names to refer to a QEMU wrapper function. The wrapper function calls the original Win32 sockets method and then sets errno from the WSAGetLastError() value. Thus all code can simply call the normal POSIX sockets APIs are have standard errno reporting on error, even on Windows. This makes the socket_error() method obsolete. We also bring closesocket & ioctlsocket into this approach. Even though they are non-standard Win32 names, we can't wrap the normal close/ioctl methods since there's no reliable way to distinguish between a file descriptor and HANDLE in Win32. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-02-23all: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-02-04slirp: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1454089805-5470-10-git-send-email-peter.maydell@linaro.org
2016-02-04slirp: Adding family argument to tcp_fconnect()Guillaume Subiron
This patch simply adds a unsigned short family argument to remove the hardcoded "AF_INET" in the call of qemu_socket(). This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Make udp_attach IPv6 compatibleGuillaume Subiron
A unsigned short is now passed in argument to udp_attach instead of using a hardcoded "AF_INET" to call qemu_socket(). This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Add sockaddr_equal, make solookup family-agnosticGuillaume Subiron
This patch makes solookup() compatible with varying address families, by using a new sockaddr_equal() function that compares two sockaddr_storage. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Factorizing and cleaning solookup()Guillaume Subiron
solookup() was only compatible with TCP. Having the socket list in argument, it is now compatible with UDP too. Some optimization code is factorized inside the function (the function look at the last returned result before browsing the complete socket list). This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Factorizing address translationGuillaume Subiron
This patch factorizes some duplicate code into a new function, sotranslate_out(). This function perform the address translation when a packet is transmitted to the host network. If the packet is destinated to the host, the loopback address is used, and if the packet is destinated to the virtual DNS, the real DNS address is used. This code is just a copy of the existent, but factorized and ready to manage the IPv6 case. On the same model, the major part of udp_output() code is moved into a new sotranslate_in(). This function is directly used in sorecvfrom(), like sotranslate_out() in sosendto(). udp_output() becoming useless, it is removed and udp_output2() is renamed into udp_output(). This adds consistency with the udp6_output() function introduced by further patches. Lastly, this factorizes some duplicate code into sotranslate_accept(), which performs the address translation when a connection is established on the host for port forwarding: if it comes from localhost, the host virtual address is used instead. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Make Socket structure IPv6 compatibleGuillaume Subiron
This patch replaces foreign and local address/port couples in Socket structure by 2 sockaddr_storage which can be casted in sockaddr_in. Direct access to address and port is still possible thanks to some \#define, so retrocompatibility of the existing code is assured. The ss_family field of sockaddr_storage is declared after each socket creation. The whole structure is also saved/restored when a Qemu session is saved/restored. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Adding address family switch for produced framesGuillaume Subiron
In if_encap, a switch is added to prepare for the IPv6 case. Some code is factorized. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-02-04slirp: Generalizing and neutralizing ARP codeGuillaume Subiron
Basically, this patch replaces "arp" by "resolution" every time "arp" means "mac resolution" and not specifically ARP. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: goto bad in udp_input if sosendto failsGuillaume Subiron
Before this patch, if sosendto fails, udp_input is executed as if the packet was sent, recording the packet for icmp errors, which does not makes sense since the packet was not actually sent, errors would be related to a previous packet. This patch adds a goto bad to cut the execution of this function. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-01-11ether/slirp: Avoid redefinition of the same constantsDr. David Alan Gilbert
eth.h and slirp.h both define ETH_ALEN and ETH_P_IP rtl8139.c and eth.h both define ETH_HLEN Move the related constant (ETH_P_ARP) from slirp.h to eth.h, and remove the duplicates; make slirp.h include eth.h Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-11-12slirp: Fix type casts and format strings in debug codeStefan Weil
Casting pointers to long won't work on 64 bit Windows. It is not needed with the right format strings. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-09-24slirp: Fix non blocking connect for w32Stefan Weil
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2015-06-22qerror: Move #include out of qerror.hMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-09-23slirp: udp: fix NULL pointer dereference because of uninitialized socketPetr Matousek
When guest sends udp packet with source port and source addr 0, uninitialized socket is picked up when looking for matching and already created udp sockets, and later passed to sosendto() where NULL pointer dereference is hit during so->slirp->vnetwork_mask.s_addr access. Fix this by checking that the socket is not just a socket stub. This is CVE-2014-3640. Signed-off-by: Petr Matousek <pmatouse@redhat.com> Reported-by: Xavier Mehrenberger <xavier.mehrenberger@airbus.com> Reported-by: Stephane Duverger <stephane.duverger@eads.net> Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Message-id: 20140918063537.GX9321@dhcp-25-225.brq.redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-08-24slirp/misc: Use the GLib memory allocation APIszhanghailiang
Here we don't check the return value of malloc() which may fail. Use the g_new() instead, which will abort the program when there is not enough memory. Also, use g_strdup instead of strdup and remove the unnecessary strdup function. Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Benoît Canet <benoit.canet@nodalink.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>