From nobody Sat May 4 18:01:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555599996; cv=none; d=zoho.com; s=zohoarc; b=lcy1FQ+kVvh0BB3RsgSmpEXwGlgtnBDJPkHhcfPEH8oTbAo3Pcd5uY7yh+B2zCy4rorMXUr2gjqklDeAXzeSdeNNcQkdeYAuS3XuFaqmZaQN0qJuMu3OToDF2ugHAHBmjg7iBJUWhw62dyyuJhQcgaTaYkqiiWV6aYBMrqCBq4U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1555599996; h=Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=81yEl79UN014Ldk49tBKmyia4UR5eluXZD9EF1FvyRo=; b=cpuh7aErpc637xseQ9cn25rvS2O3AzAzBGrX+gLBhuKCIQ9NdEBPPWFIrgSdnDY9syRA/8fko+aRs9IayJgeJbUYR1RuJ80G/bg2lcKP2KqZpfN1izPTtggxkOu13oQqKr2CDuTr1tG0hy/0Z0QUuwD3Ju1NniAF+gjVWABQ998= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1555599996643357.7597670389488; Thu, 18 Apr 2019 08:06:36 -0700 (PDT) Received: from localhost ([127.0.0.1]:42686 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8cQ-0000H0-4l for importer@patchew.org; Thu, 18 Apr 2019 11:06:30 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35014) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8V2-0002P9-Jk for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:58:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hH8QL-0002Be-SA for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:02 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50504) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hH8QL-0002Aj-LC for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:01 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9365A756 for ; Thu, 18 Apr 2019 14:53:57 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-116-116.ams2.redhat.com [10.36.116.116]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6460460BEC for ; Thu, 18 Apr 2019 14:53:57 +0000 (UTC) Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id DBA4E1132BB6; Thu, 18 Apr 2019 16:53:55 +0200 (CEST) From: Markus Armbruster To: qemu-devel@nongnu.org Date: Thu, 18 Apr 2019 16:53:50 +0200 Message-Id: <20190418145355.21100-2-armbru@redhat.com> In-Reply-To: <20190418145355.21100-1-armbru@redhat.com> References: <20190418145355.21100-1-armbru@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 18 Apr 2019 14:53:57 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 1/6] qemu-bridge-helper: Fix misuse of isspace() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" parse_acl_file() passes char values to isspace(). Undefined behavior when the value is negative. Not a security issue, because the characters come from trusted $prefix/etc/qemu/bridge.conf and the files it includes. Fix by using qemu_isspace() instead. Signed-off-by: Markus Armbruster --- qemu-bridge-helper.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c index 5396fbfbb6..0d60c07655 100644 --- a/qemu-bridge-helper.c +++ b/qemu-bridge-helper.c @@ -29,6 +29,7 @@ #include #endif =20 +#include "qemu-common.h" #include "qemu/queue.h" =20 #include "net/tap-linux.h" @@ -75,7 +76,7 @@ static int parse_acl_file(const char *filename, ACLList *= acl_list) char *ptr =3D line; char *cmd, *arg, *argend; =20 - while (isspace(*ptr)) { + while (qemu_isspace(*ptr)) { ptr++; } =20 @@ -99,12 +100,12 @@ static int parse_acl_file(const char *filename, ACLLis= t *acl_list) =20 *arg =3D 0; arg++; - while (isspace(*arg)) { + while (qemu_isspace(*arg)) { arg++; } =20 argend =3D arg + strlen(arg); - while (arg !=3D argend && isspace(*(argend - 1))) { + while (arg !=3D argend && qemu_isspace(*(argend - 1))) { argend--; } *argend =3D 0; --=20 2.17.2 From nobody Sat May 4 18:01:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555599805; cv=none; d=zoho.com; s=zohoarc; b=MFmtV1FSs9a2DU1oAxfhqUA/4wg7otvBxCTLsrZPBehESI57/JPDa1DYTA1+yZSJ7jzUwW5tzDkiYcbJPAvYJDPfoIbIR9V3vdpB6n1hqkRsMnl7tZGv4EpJM+RzrEzmO+MyAhdY1eoX4MySl9aM64fj8I+0eAUea8K+supgzUI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1555599805; h=Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=VBvn8ECGuyfTuESSKgvrzYn3VOajurgOJU3Pk+yWCDg=; b=hCVTtIn6ZZuhaIhxzDubwZ+nSNKnKlzM5YGo4fD3auzC/Fr/HHDTLielGTpzr8X3sb9CDew+WS6wzI/JEz74aLS33Qulj56GqgHXyQ4oU6J0Z85AYomaou7j5RaLvrjyKmtBMZvRP8CkAtpAuxV1BHi3CqxmFF8cDSoFNf2W6wI= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1555599805743986.4765629191486; Thu, 18 Apr 2019 08:03:25 -0700 (PDT) Received: from localhost ([127.0.0.1]:42616 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8ZO-00067s-NG for importer@patchew.org; Thu, 18 Apr 2019 11:03:22 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35014) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8V0-0002P9-Uo for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:58:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hH8QM-0002C2-2O for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:02 -0400 Received: from mx1.redhat.com ([209.132.183.28]:35476) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hH8QL-0002Ai-S1 for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:01 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 920C75859C for ; Thu, 18 Apr 2019 14:53:57 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-116-116.ams2.redhat.com [10.36.116.116]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6459260856 for ; Thu, 18 Apr 2019 14:53:57 +0000 (UTC) Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id DDD521132BD3; Thu, 18 Apr 2019 16:53:55 +0200 (CEST) From: Markus Armbruster To: qemu-devel@nongnu.org Date: Thu, 18 Apr 2019 16:53:51 +0200 Message-Id: <20190418145355.21100-3-armbru@redhat.com> In-Reply-To: <20190418145355.21100-1-armbru@redhat.com> References: <20190418145355.21100-1-armbru@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Thu, 18 Apr 2019 14:53:57 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 2/6] tests/vhost-user-bridge: Fix misuse of isdigit() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" vubr_set_host() passes char values to isdigit(). Undefined behavior when the value is negative. Fix by using qemu_isdigit() instead. Signed-off-by: Markus Armbruster --- tests/vhost-user-bridge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/vhost-user-bridge.c b/tests/vhost-user-bridge.c index 0033b61f2e..d70b107ebc 100644 --- a/tests/vhost-user-bridge.c +++ b/tests/vhost-user-bridge.c @@ -645,7 +645,7 @@ vubr_host_notifier_setup(VubrDev *dev) static void vubr_set_host(struct sockaddr_in *saddr, const char *host) { - if (isdigit(host[0])) { + if (qemu_isdigit(host[0])) { if (!inet_aton(host, &saddr->sin_addr)) { fprintf(stderr, "inet_aton() failed.\n"); exit(1); --=20 2.17.2 From nobody Sat May 4 18:01:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555599652; cv=none; d=zoho.com; s=zohoarc; b=KY8bbupWW+zsFbSqgBAXGusy/ZopVVedH3qS2iJfON2gwMXCarY3W91Gs5GehAWg2tivIuYAMmaSwKPxrb87j/9IBjHru1C1OLP4fsjTOJYuLCwgb2bsVs1MjzG8KPztRM8wMSPFA6qpFR+E1z9a7ih4jGFAGx9Az1XQ2xS6nwg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1555599652; h=Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=X3JzjdL3MS4hjKAXeqRj6/ZHqwnWVCg1KsGE4hkljOo=; b=Ry/1K8PrUG7l2SP01hYRT3J0aDwY5MRyfQrHU7YsJ302LMkCJppEmp/XBFFvGPlrjkrecwsxCJFnieS/8suoYdU160iZQeKOwnyUa/+9R+9lhwLFNi6DvntnHcovC9eBAQR1bkNIuOSFUpZ5AtyHWGL/wmw6iVo1hi5XgE2Cdro= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1555599652869285.7390717029683; Thu, 18 Apr 2019 08:00:52 -0700 (PDT) Received: from localhost ([127.0.0.1]:42575 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8Wx-00047n-9S for importer@patchew.org; Thu, 18 Apr 2019 11:00:51 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35030) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8Uz-0002PV-OK for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:58:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hH8QM-0002Bs-27 for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:03 -0400 Received: from mx1.redhat.com ([209.132.183.28]:46282) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hH8QL-0002An-RM for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:01 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9283F301BE65 for ; Thu, 18 Apr 2019 14:53:57 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-116-116.ams2.redhat.com [10.36.116.116]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 641755C206 for ; Thu, 18 Apr 2019 14:53:57 +0000 (UTC) Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id E19DE1132B6C; Thu, 18 Apr 2019 16:53:55 +0200 (CEST) From: Markus Armbruster To: qemu-devel@nongnu.org Date: Thu, 18 Apr 2019 16:53:52 +0200 Message-Id: <20190418145355.21100-4-armbru@redhat.com> In-Reply-To: <20190418145355.21100-1-armbru@redhat.com> References: <20190418145355.21100-1-armbru@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Thu, 18 Apr 2019 14:53:57 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 3/6] gdbstub: Reject invalid RLE repeat counts X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" "Debugging with GDB / Appendix E GDB Remote Serial Protocol / Overview" specifies "The printable characters '#' and '$' or with a numeric value greater than 126 must not be used." gdb_read_byte() only rejects values < 32. This is wrong. Impact depends on the caller: * gdb_handlesig() passes a char. Incorrectly accepts '#', '$' and '\127'. * gdb_chr_receive() passes an uint8_t. Additionally accepts characters with the most-significant bit set. Correct the validity check to match the specification. Signed-off-by: Markus Armbruster Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- gdbstub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gdbstub.c b/gdbstub.c index d54abd17cc..a6dce1b027 100644 --- a/gdbstub.c +++ b/gdbstub.c @@ -2064,7 +2064,7 @@ static void gdb_read_byte(GDBState *s, int ch) } break; case RS_GETLINE_RLE: - if (ch < ' ') { + if (ch < ' ' || ch =3D=3D '#' || ch =3D=3D '$' || ch > 126) { /* invalid RLE count encoding */ trace_gdbstub_err_invalid_repeat((uint8_t)ch); s->state =3D RS_GETLINE; --=20 2.17.2 From nobody Sat May 4 18:01:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555599803; cv=none; d=zoho.com; s=zohoarc; b=XTj6iBThSXioPWGsncr73TnvdfcUDVg6OisBKvHpBhsqSse94ghuGTHglXDpt2nQQut6nE+sqoEnlCdkiFQG2erdRse3opkC44jmHk4z6l/0e53h+MA+hEPoMtmvMNHxHWZgBl7mtRlwfoK+QeRaLiFiJEeCpeVZv1JxzgdOKog= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1555599803; h=Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=9U7FlrdqxSzQbrIhkKHxJL7zCAJwex8ECqD4Wsr1og4=; b=JNUF7gR+sfJztmZ/o8GhNL6qnM51mo1Ng99h9xxJ7osxtQIWjQE7bssoaHxuM/CjWNXjkVZ3cvXX9Eix8sMEn1biIAJbvLFrMjKto1C2Afm7dMPiGqYSevneRMAV5MRitVI+m17/VOZqIWo+lRsSFPV5gCTlWEhGPE2Jenlx82Y= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1555599803462513.0418917283318; Thu, 18 Apr 2019 08:03:23 -0700 (PDT) Received: from localhost ([127.0.0.1]:42618 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8ZO-000684-Fs for importer@patchew.org; Thu, 18 Apr 2019 11:03:22 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35014) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8Uz-0002P9-Nw for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:58:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hH8QM-0002CG-4F for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:03 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40052) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hH8QL-0002B5-Qw for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:02 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DBF7281E1C for ; Thu, 18 Apr 2019 14:53:58 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-116-116.ams2.redhat.com [10.36.116.116]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6D0CB600C2 for ; Thu, 18 Apr 2019 14:53:57 +0000 (UTC) Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id E51BB1132B74; Thu, 18 Apr 2019 16:53:55 +0200 (CEST) From: Markus Armbruster To: qemu-devel@nongnu.org Date: Thu, 18 Apr 2019 16:53:53 +0200 Message-Id: <20190418145355.21100-5-armbru@redhat.com> In-Reply-To: <20190418145355.21100-1-armbru@redhat.com> References: <20190418145355.21100-1-armbru@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 18 Apr 2019 14:53:58 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 4/6] gdbstub: Fix misuse of isxdigit() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" gdb_read_byte() passes its @ch argument to isxdigit(). Undefined behavior when the value is negative. Two callers: * gdb_chr_receive() passes an uint8_t value. Safe. * gdb_handlesig() a char value. Unsafe. Not a security issue, because the characters come from the gdb client, which is trusted. The obvious fix would be casting @ch to unsigned char. But note that gdb_read_byte() already casts @ch to uint8_t in many places. Uses of @ch without such a cast: (1) Compare to a character constant with =3D=3D or !=3D (2) s->linesum +=3D ch (3) Store ch or ch ^ 0x20 into s->line_buf[] (4) Check for invalid RLE count: ch < ' ' || ch =3D=3D '#' || ch =3D=3D '$' || ch > 126 (5) Pass to isxdigit() (6) Pass to fromhex() Change the parameter type from int to uint8_t, and drop the now redundant casts. Affects the above uses as follows: (1) No change: the character constants are all non-negative. (2) Effectively no change: we only ever use s->linesum & 0xff, and s->linesum is int. (3) No change: s->line_buf[] is char[]. (4) No change. (5) Avoid undefined behavior. (6) No change: only reached when isxdigit(ch) Signed-off-by: Markus Armbruster --- gdbstub.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/gdbstub.c b/gdbstub.c index a6dce1b027..166ccbfbf4 100644 --- a/gdbstub.c +++ b/gdbstub.c @@ -1987,7 +1987,7 @@ void gdb_do_syscall(gdb_syscall_complete_cb cb, const= char *fmt, ...) va_end(va); } =20 -static void gdb_read_byte(GDBState *s, int ch) +static void gdb_read_byte(GDBState *s, uint8_t ch) { uint8_t reply; =20 @@ -2001,7 +2001,7 @@ static void gdb_read_byte(GDBState *s, int ch) } else if (ch =3D=3D '+') { trace_gdbstub_io_got_ack(); } else { - trace_gdbstub_io_got_unexpected((uint8_t)ch); + trace_gdbstub_io_got_unexpected(ch); } =20 if (ch =3D=3D '+' || ch =3D=3D '$') @@ -2024,7 +2024,7 @@ static void gdb_read_byte(GDBState *s, int ch) s->line_sum =3D 0; s->state =3D RS_GETLINE; } else { - trace_gdbstub_err_garbage((uint8_t)ch); + trace_gdbstub_err_garbage(ch); } break; case RS_GETLINE: @@ -2066,11 +2066,11 @@ static void gdb_read_byte(GDBState *s, int ch) case RS_GETLINE_RLE: if (ch < ' ' || ch =3D=3D '#' || ch =3D=3D '$' || ch > 126) { /* invalid RLE count encoding */ - trace_gdbstub_err_invalid_repeat((uint8_t)ch); + trace_gdbstub_err_invalid_repeat(ch); s->state =3D RS_GETLINE; } else { /* decode repeat length */ - int repeat =3D (unsigned char)ch - ' ' + 3; + int repeat =3D ch - ' ' + 3; if (s->line_buf_index + repeat >=3D sizeof(s->line_buf) - = 1) { /* that many repeats would overrun the command buffer = */ trace_gdbstub_err_overrun(); @@ -2092,7 +2092,7 @@ static void gdb_read_byte(GDBState *s, int ch) case RS_CHKSUM1: /* get high hex digit of checksum */ if (!isxdigit(ch)) { - trace_gdbstub_err_checksum_invalid((uint8_t)ch); + trace_gdbstub_err_checksum_invalid(ch); s->state =3D RS_GETLINE; break; } @@ -2103,7 +2103,7 @@ static void gdb_read_byte(GDBState *s, int ch) case RS_CHKSUM2: /* get low hex digit of checksum */ if (!isxdigit(ch)) { - trace_gdbstub_err_checksum_invalid((uint8_t)ch); + trace_gdbstub_err_checksum_invalid(ch); s->state =3D RS_GETLINE; break; } --=20 2.17.2 From nobody Sat May 4 18:01:50 2024 Delivered-To: importer@patchew.org Received-SPF: temperror (zoho.com: Error in retrieving data from DNS) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555599620; cv=none; d=zoho.com; s=zohoarc; b=hFgzuf11RHMnfb/abMATT4Ln/IwRMNS1yPOVcILPnx3Dvb/CxhifqM4H9LenzWy3nyMvHWv592CQ+bvupUqUjWhCAtc2DvNQwqRsltjjftH/diYnCB1K+8JWN8NXMTie1dE5cEpPjBGL+/nV4lA9icGeFJLhCta8cL5KYrxEB0M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1555599620; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=6yseq5WFlEgydgptWis0k255w9Gq9Re/w8ZUZDQThos=; b=Aw6ihi+AJK/hksJKBwkCWRB40F68PZ4up9l41IWDt1d99kNZ4Gdhhq/o/W8kEv1MNuB88ecKaP9rliTH/QfDi1S8qbNg52m3Mp61T13IhEMFoD1jLBe/TTtEkJzp541f6q5ziOfYVW/XuY/knsKrrZ+Y4OGKn8ZYyT7p/zjijfs= ARC-Authentication-Results: i=1; mx.zoho.com; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1555599620097167.97664871538063; Thu, 18 Apr 2019 08:00:20 -0700 (PDT) Received: from localhost ([127.0.0.1]:42538 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8WC-0003PZ-DO for importer@patchew.org; Thu, 18 Apr 2019 11:00:04 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35014) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8UN-0002P9-TF for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:58:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hH8QM-0002CB-3k for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:03 -0400 Received: from mx1.redhat.com ([209.132.183.28]:33598) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hH8QL-0002BP-TI; Thu, 18 Apr 2019 10:54:02 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3699130944B7; Thu, 18 Apr 2019 14:54:00 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-116-116.ams2.redhat.com [10.36.116.116]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 00C051001E9D; Thu, 18 Apr 2019 14:53:59 +0000 (UTC) Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id E8C2B1132B38; Thu, 18 Apr 2019 16:53:55 +0200 (CEST) From: Markus Armbruster To: qemu-devel@nongnu.org Date: Thu, 18 Apr 2019 16:53:54 +0200 Message-Id: <20190418145355.21100-6-armbru@redhat.com> In-Reply-To: <20190418145355.21100-1-armbru@redhat.com> References: <20190418145355.21100-1-armbru@redhat.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Thu, 18 Apr 2019 14:54:00 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 5/6] pc-bios/s390-ccw: Clean up harmless misuse of isdigit() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Christian Borntraeger , Thomas Huth , Cornelia Huck , qemu-s390x@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" atoui() and get_index() pass char values to isdigit(). With a standard isdigit(), we'd get undefined behavior when the value is negative. But we're using isdigit() from pc-bios/s390-ccw/libc.h here, which behaves nicely. Clean up anyway, just to avoid setting a bad example. Cc: Christian Borntraeger Cc: Thomas Huth Cc: Cornelia Huck Cc: qemu-s390x@nongnu.org Signed-off-by: Markus Armbruster --- pc-bios/s390-ccw/libc.c | 2 +- pc-bios/s390-ccw/menu.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pc-bios/s390-ccw/libc.c b/pc-bios/s390-ccw/libc.c index a786566c4c..3187923950 100644 --- a/pc-bios/s390-ccw/libc.c +++ b/pc-bios/s390-ccw/libc.c @@ -38,7 +38,7 @@ uint64_t atoui(const char *str) } =20 while (*str) { - if (!isdigit(*str)) { + if (!isdigit(*(unsigned char *)str)) { break; } val =3D val * 10 + *str - '0'; diff --git a/pc-bios/s390-ccw/menu.c b/pc-bios/s390-ccw/menu.c index 82a4ae6315..ce3815b201 100644 --- a/pc-bios/s390-ccw/menu.c +++ b/pc-bios/s390-ccw/menu.c @@ -134,7 +134,7 @@ static int get_index(void) =20 /* Check for erroneous input */ for (i =3D 0; i < len; i++) { - if (!isdigit(buf[i])) { + if (!isdigit((unsigned char)buf[i])) { return -1; } } --=20 2.17.2 From nobody Sat May 4 18:01:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555599818; cv=none; d=zoho.com; s=zohoarc; b=i8oIVbsvIF2VfkUA4pCyUdvG3hhyaHbxIQc5LMCpFF+SAH70600JNQ2+tNLboraI18ltdwUrJWDeBuqPCKN0Mok6MgZLfRs7KCye6S5Oc/4XNS63L5z2ZMCj+uASnzMiWU45LZpbOc1nSlqNT12TsPVUXGZv+C//IHcnpCwVYBg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1555599818; h=Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=FDqXRzsOg3HrHEFTQ93PNMTfTsrC2QjO2imSRWUGInI=; b=ODgEm4JCheX3NVpK+PcD4sOQS+dCTiNoz8ubAcFQKtqAj1nVb31fapemnJVORvdM94T3erIHqfWiz42ZVg3GFxzwhkCiB+C52yWuq5Cv0E+J1R6CXSBE+iBiZv9ZiOGOAn/cBykUmZmyx6kbjPC5oRbLQ6pAS0fiFJNzgFF/vHs= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1555599818352980.9635271618382; Thu, 18 Apr 2019 08:03:38 -0700 (PDT) Received: from localhost ([127.0.0.1]:42620 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8Zb-0006GW-4p for importer@patchew.org; Thu, 18 Apr 2019 11:03:35 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35030) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hH8V0-0002PV-O1 for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:58:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hH8QM-0002Bk-0U for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:02 -0400 Received: from mx1.redhat.com ([209.132.183.28]:46314) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hH8QL-0002BL-Qa for qemu-devel@nongnu.org; Thu, 18 Apr 2019 10:54:01 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2E7A530ADBB1 for ; Thu, 18 Apr 2019 14:54:00 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-116-116.ams2.redhat.com [10.36.116.116]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0097E5C206 for ; Thu, 18 Apr 2019 14:53:59 +0000 (UTC) Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id EC4CD1132B3B; Thu, 18 Apr 2019 16:53:55 +0200 (CEST) From: Markus Armbruster To: qemu-devel@nongnu.org Date: Thu, 18 Apr 2019 16:53:55 +0200 Message-Id: <20190418145355.21100-7-armbru@redhat.com> In-Reply-To: <20190418145355.21100-1-armbru@redhat.com> References: <20190418145355.21100-1-armbru@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Thu, 18 Apr 2019 14:54:00 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 6/6] cutils: Simplify how parse_uint() checks for whitespace X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Use qemu_isspace() so we don't have to cast to unsigned char. Signed-off-by: Markus Armbruster --- util/cutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/cutils.c b/util/cutils.c index e098debdc0..bed63fc2f1 100644 --- a/util/cutils.c +++ b/util/cutils.c @@ -683,7 +683,7 @@ int parse_uint(const char *s, unsigned long long *value= , char **endptr, } =20 /* make sure we reject negative numbers: */ - while (isspace((unsigned char)*s)) { + while (qemu_isspace(*s)) { s++; } if (*s =3D=3D '-') { --=20 2.17.2