[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PULL v2 25/25] qga/linux: Add new api 'guest-network-get-route'
From: |
Peter Maydell |
Subject: |
Re: [PULL v2 25/25] qga/linux: Add new api 'guest-network-get-route' |
Date: |
Thu, 25 Jul 2024 11:12:41 +0100 |
On Tue, 23 Jul 2024 at 08:03, Konstantin Kostiuk <kkostiuk@redhat.com> wrote:
>
> From: Dehan Meng <demeng@redhat.com>
>
> The Route information of the Linux VM needs to be used
> by administrators and users when debugging network problems
> and troubleshooting.
>
> Signed-off-by: Dehan Meng <demeng@redhat.com>
> Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
> Message-ID: <20240613092802.346246-2-demeng@redhat.com>
> Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Hi; Coverity points out some potential issues with this commit:
> +static char *hexToIPAddress(const void *hexValue, int is_ipv6)
> +{
> + if (is_ipv6) {
> + char addr[INET6_ADDRSTRLEN];
> + struct in6_addr in6;
> + const char *hexStr = (const char *)hexValue;
> + int i;
> +
> + for (i = 0; i < 16; i++) {
> + sscanf(&hexStr[i * 2], "%02hhx", &in6.s6_addr[i]);
We don't check the sscanf() return value here. (CID 1558558)
> + }
> + inet_ntop(AF_INET6, &in6, addr, INET6_ADDRSTRLEN);
> +
> + return g_strdup(addr);
> + } else {
> + unsigned int hexInt = *(unsigned int *)hexValue;
> + unsigned int byte1 = (hexInt >> 24) & 0xFF;
> + unsigned int byte2 = (hexInt >> 16) & 0xFF;
> + unsigned int byte3 = (hexInt >> 8) & 0xFF;
> + unsigned int byte4 = hexInt & 0xFF;
> +
> + return g_strdup_printf("%u.%u.%u.%u", byte4, byte3, byte2, byte1);
> + }
> +}
> +
> +GuestNetworkRouteList *qmp_guest_network_get_route(Error **errp)
> +{
> + GuestNetworkRouteList *head = NULL, **tail = &head;
> + const char *routeFiles[] = {"/proc/net/route", "/proc/net/ipv6_route"};
> + FILE *fp;
> + size_t n;
> + char *line = NULL;
> + int firstLine;
> + int is_ipv6;
> + int i;
The handling of the getline() buffer in this function doesn't
seem to be correct (CID 1558559).
Firstly, the manpage says that to get the initial "allocate me
a buffer", line must be NULL and also n must be 0, but we don't
initialize n here.
> + for (i = 0; i < 2; i++) {
> + firstLine = 1;
> + is_ipv6 = (i == 1);
> + fp = fopen(routeFiles[i], "r");
> + if (fp == NULL) {
> + error_setg_errno(errp, errno, "open(\"%s\")", routeFiles[i]);
> + free(line);
Here we free() line, but we continue the for() loop. So next
time around the loop (assuming the second fopen succeeds)
we'll pass line to getline() and it will be a non-NULL
pointer to freed memory.
Is this error case supposed to exit the for() loop entirely
instead of continuing?
Either way, it shouldn't free(line) here I think.
> + continue;
> + }
> +
> + while (getline(&line, &n, fp) != -1) {
> + if (firstLine && !is_ipv6) {
> + firstLine = 0;
> + continue;
> + }
> + GuestNetworkRoute *route = NULL;
> + GuestNetworkRoute *networkroute;
> + char Iface[IFNAMSIZ];
Our coding style says you shouldn't declare variables in the
middle of a block. Coding style also says variable names are
lowercase with underscores, not CamelCase. (CamelCase is for
typenames.)
> + if (is_ipv6) {
> + char Destination[33], Source[33], NextHop[33];
> + int DesPrefixlen, SrcPrefixlen, Metric, RefCnt, Use, Flags;
> +
> + /* Parse the line and extract the values */
> + if (sscanf(line, "%32s %x %32s %x %32s %x %x %x %x %s",
> + Destination, &DesPrefixlen, Source,
> + &SrcPrefixlen, NextHop, &Metric, &RefCnt,
> + &Use, &Flags, Iface) != 10) {
> + continue;
> + }
> +
> + route = g_new0(GuestNetworkRoute, 1);
> + networkroute = route;
Why do we have separate "route" and "networkroute" variables
here? As far as I can see they are identical and can be merged.
> + networkroute->iface = g_strdup(Iface);
> + networkroute->destination = hexToIPAddress(Destination, 1);
> + networkroute->metric = Metric;
> + networkroute->source = hexToIPAddress(Source, 1);
> + networkroute->desprefixlen = g_strdup_printf(
> + "%d", DesPrefixlen
> + );
> + networkroute->srcprefixlen = g_strdup_printf(
> + "%d", SrcPrefixlen
> + );
> + networkroute->nexthop = hexToIPAddress(NextHop, 1);
> + networkroute->has_flags = true;
> + networkroute->flags = Flags;
> + networkroute->has_refcnt = true;
> + networkroute->refcnt = RefCnt;
> + networkroute->has_use = true;
> + networkroute->use = Use;
> + networkroute->version = 6;
> + } else {
> + unsigned int Destination, Gateway, Mask, Flags;
> + int RefCnt, Use, Metric, MTU, Window, IRTT;
> +
> + /* Parse the line and extract the values */
> + if (sscanf(line, "%s %X %X %x %d %d %d %X %d %d %d",
> + Iface, &Destination, &Gateway, &Flags, &RefCnt,
> + &Use, &Metric, &Mask, &MTU, &Window, &IRTT) !=
> 11) {
> + continue;
> + }
> +
> + route = g_new0(GuestNetworkRoute, 1);
> + networkroute = route;
> + networkroute->iface = g_strdup(Iface);
> + networkroute->destination = hexToIPAddress(&Destination, 0);
> + networkroute->gateway = hexToIPAddress(&Gateway, 0);
> + networkroute->mask = hexToIPAddress(&Mask, 0);
> + networkroute->metric = Metric;
> + networkroute->has_flags = true;
> + networkroute->flags = Flags;
> + networkroute->has_refcnt = true;
> + networkroute->refcnt = RefCnt;
> + networkroute->has_use = true;
> + networkroute->use = Use;
> + networkroute->has_mtu = true;
> + networkroute->mtu = MTU;
> + networkroute->has_window = true;
> + networkroute->window = Window;
> + networkroute->has_irtt = true;
> + networkroute->irtt = IRTT;
> + networkroute->version = 4;
> + }
> +
> + QAPI_LIST_APPEND(tail, route);
> + }
> +
> + free(line);
Similarly here we free(line) but next time around the for()
loop we'll pass it to getline anyway.
> + fclose(fp);
> + }
Since getline() will reallocate the buffer as needed, we don't
need to free it anywhere except right before we exit the
function, here.
> +
> + return head;
> +}
thanks
-- PMM
- [PULL v2 15/25] qga: conditionalize schema for commands requiring libudev, (continued)
- [PULL v2 15/25] qga: conditionalize schema for commands requiring libudev, Konstantin Kostiuk, 2024/07/23
- [PULL v2 17/25] qga: conditionalize schema for commands not supported on other UNIX, Konstantin Kostiuk, 2024/07/23
- [PULL v2 16/25] qga: conditionalize schema for commands requiring utmpx, Konstantin Kostiuk, 2024/07/23
- [PULL v2 19/25] qga: move declare of QGAConfig struct to top of file, Konstantin Kostiuk, 2024/07/23
- [PULL v2 18/25] qga: don't disable fsfreeze commands if vss_init fails, Konstantin Kostiuk, 2024/07/23
- [PULL v2 20/25] qga: remove pointless 'blockrpcs_key' variable, Konstantin Kostiuk, 2024/07/23
- [PULL v2 24/25] guest-agent: document allow-rpcs in config file section, Konstantin Kostiuk, 2024/07/23
- [PULL v2 23/25] qga/commands-posix: Make ga_wait_child() return boolean, Konstantin Kostiuk, 2024/07/23
- [PULL v2 22/25] qga: centralize logic for disabling/enabling commands, Konstantin Kostiuk, 2024/07/23
- [PULL v2 25/25] qga/linux: Add new api 'guest-network-get-route', Konstantin Kostiuk, 2024/07/23
- Re: [PULL v2 25/25] qga/linux: Add new api 'guest-network-get-route',
Peter Maydell <=
- [PULL v2 21/25] qga: allow configuration file path via the cli, Konstantin Kostiuk, 2024/07/23
- Re: [PULL v2 00/25] Misc QEMU-GA patches 2024-07-22, Richard Henderson, 2024/07/23