1. Patchew
  2. QEMU
  3. View series

[PATCH] curl: Fix error path in curl_open()

Hanna Czenczek posted 1 patch 1 year, 2 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20230206132949.92917-1-hreitz@redhat.com
Maintainers: Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>
block/curl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
[PATCH] curl: Fix error path in curl_open()
Posted by Hanna Czenczek 1 year, 2 months ago 
g_hash_table_destroy() and g_hash_table_foreach_remove() (called by
curl_drop_all_sockets()) both require the table to be non-NULL, or will
print assertion failures (just print, no abort).

There are several paths in curl_open() that can lead to the out_noclean
label without s->sockets being allocated, so clean it only if it has
been allocated.

Example reproducer:
$ qemu-img info -f http ''
qemu-img: GLib: g_hash_table_foreach_remove: assertion 'hash_table != NULL' failed
qemu-img: GLib: g_hash_table_destroy: assertion 'hash_table != NULL' failed
qemu-img: Could not open '': http curl driver cannot handle the URL '' (does not start with 'http://')

Closes: https://gitlab.com/qemu-project/qemu/-/issues/1475
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
---
 block/curl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/block/curl.c b/block/curl.c
index cbada22e9e..ba9977af5a 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -850,8 +850,10 @@ out_noclean:
     g_free(s->username);
     g_free(s->proxyusername);
     g_free(s->proxypassword);
-    curl_drop_all_sockets(s->sockets);
-    g_hash_table_destroy(s->sockets);
+    if (s->sockets) {
+        curl_drop_all_sockets(s->sockets);
+        g_hash_table_destroy(s->sockets);
+    }
     qemu_opts_del(opts);
     return -EINVAL;
 }
-- 
2.39.1
Re: [PATCH] curl: Fix error path in curl_open()
Posted by Kevin Wolf 1 year, 2 months ago 
Am 06.02.2023 um 14:29 hat Hanna Czenczek geschrieben:
> g_hash_table_destroy() and g_hash_table_foreach_remove() (called by
> curl_drop_all_sockets()) both require the table to be non-NULL, or will
> print assertion failures (just print, no abort).
> 
> There are several paths in curl_open() that can lead to the out_noclean
> label without s->sockets being allocated, so clean it only if it has
> been allocated.
> 
> Example reproducer:
> $ qemu-img info -f http ''
> qemu-img: GLib: g_hash_table_foreach_remove: assertion 'hash_table != NULL' failed
> qemu-img: GLib: g_hash_table_destroy: assertion 'hash_table != NULL' failed
> qemu-img: Could not open '': http curl driver cannot handle the URL '' (does not start with 'http://')
> 
> Closes: https://gitlab.com/qemu-project/qemu/-/issues/1475
> Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
> Signed-off-by: Hanna Czenczek <hreitz@redhat.com>

Thanks, applied to the block branch.

Kevin
Re: [PATCH] curl: Fix error path in curl_open()
Posted by Philippe Mathieu-Daudé 1 year, 2 months ago 
On 6/2/23 14:29, Hanna Czenczek wrote:
> g_hash_table_destroy() and g_hash_table_foreach_remove() (called by
> curl_drop_all_sockets()) both require the table to be non-NULL, or will
> print assertion failures (just print, no abort).
> 
> There are several paths in curl_open() that can lead to the out_noclean
> label without s->sockets being allocated, so clean it only if it has
> been allocated.
> 
> Example reproducer:
> $ qemu-img info -f http ''
> qemu-img: GLib: g_hash_table_foreach_remove: assertion 'hash_table != NULL' failed
> qemu-img: GLib: g_hash_table_destroy: assertion 'hash_table != NULL' failed
> qemu-img: Could not open '': http curl driver cannot handle the URL '' (does not start with 'http://')
> 
> Closes: https://gitlab.com/qemu-project/qemu/-/issues/1475
> Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
> Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
> ---
>   block/curl.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Re: [PATCH] curl: Fix error path in curl_open()
Posted by Daniel P. Berrangé 1 year, 2 months ago 
On Mon, Feb 06, 2023 at 02:29:49PM +0100, Hanna Czenczek wrote:
> g_hash_table_destroy() and g_hash_table_foreach_remove() (called by
> curl_drop_all_sockets()) both require the table to be non-NULL, or will
> print assertion failures (just print, no abort).
> 
> There are several paths in curl_open() that can lead to the out_noclean
> label without s->sockets being allocated, so clean it only if it has
> been allocated.
> 
> Example reproducer:
> $ qemu-img info -f http ''
> qemu-img: GLib: g_hash_table_foreach_remove: assertion 'hash_table != NULL' failed
> qemu-img: GLib: g_hash_table_destroy: assertion 'hash_table != NULL' failed
> qemu-img: Could not open '': http curl driver cannot handle the URL '' (does not start with 'http://')
> 
> Closes: https://gitlab.com/qemu-project/qemu/-/issues/1475
> Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
> Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
> ---
>  block/curl.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.