From c54ed5bcdd8ed29f9cdfcfc0e456b6ec1f25d2c3 Mon Sep 17 00:00:00 2001 From: Jan Kiszka Date: Wed, 20 Jul 2011 12:20:14 +0200 Subject: slirp: Canonicalize restrict syntax All other boolean arguments accept on|off - except for slirp's restrict. Fix that while still accepting the formerly allowed yes|y|no|n, but reject everything else. This avoids accidentally allowing external connections because syntax errors were so far interpreted as 'restrict=no'. CC: Gleb Natapov Signed-off-by: Jan Kiszka Signed-off-by: Anthony Liguori --- net/slirp.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'net/slirp.c') diff --git a/net/slirp.c b/net/slirp.c index e057a14ce9..71e2577b6f 100644 --- a/net/slirp.c +++ b/net/slirp.c @@ -240,7 +240,8 @@ static int net_slirp_init(VLANState *vlan, const char *model, nc = qemu_new_net_client(&net_slirp_info, vlan, NULL, model, name); snprintf(nc->info_str, sizeof(nc->info_str), - "net=%s, restricted=%c", inet_ntoa(net), restricted ? 'y' : 'n'); + "net=%s,restrict=%s", inet_ntoa(net), + restricted ? "on" : "off"); s = DO_UPCAST(SlirpState, nc, nc); @@ -689,6 +690,7 @@ int net_init_slirp(QemuOpts *opts, const char *bootfile; const char *smb_export; const char *vsmbsrv; + const char *restrict_opt; char *vnet = NULL; int restricted = 0; int ret; @@ -702,6 +704,18 @@ int net_init_slirp(QemuOpts *opts, smb_export = qemu_opt_get(opts, "smb"); vsmbsrv = qemu_opt_get(opts, "smbserver"); + restrict_opt = qemu_opt_get(opts, "restrict"); + if (restrict_opt) { + if (!strcmp(restrict_opt, "on") || + !strcmp(restrict_opt, "yes") || !strcmp(restrict_opt, "y")) { + restricted = 1; + } else if (strcmp(restrict_opt, "off") && + strcmp(restrict_opt, "no") && strcmp(restrict_opt, "n")) { + error_report("invalid option: 'restrict=%s'", restrict_opt); + return -1; + } + } + if (qemu_opt_get(opts, "ip")) { const char *ip = qemu_opt_get(opts, "ip"); int l = strlen(ip) + strlen("/24") + 1; @@ -720,11 +734,6 @@ int net_init_slirp(QemuOpts *opts, vnet = qemu_strdup(qemu_opt_get(opts, "net")); } - if (qemu_opt_get(opts, "restrict") && - qemu_opt_get(opts, "restrict")[0] == 'y') { - restricted = 1; - } - qemu_opt_foreach(opts, net_init_slirp_configs, NULL, 0); ret = net_slirp_init(vlan, "user", name, restricted, vnet, vhost, -- cgit v1.2.3