slirp updates

Prasad J Pandit (2): slirp: Fix buffer overflow on packet reassembling Samuel Thibault (3): slirp: Add Samuel Thibault's staging tree for slirp slirp: fix domainname version availability -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEOjpdRkZg6GdhDKQnmWhJwc9WBHgFAlsaHkgACgkQmWhJwc9W BHgC+A//aLlgQuto9TscHvvvzQX4KsoempDxa3BAHc+eCpWrSdg8ddh16b4NkXTD nDhrbN64nOO0EfplRWNyakIsf8K/gX9KuRks+ZpPyIydPWfRB4NnZQPObRZ17c0X mSL06qIdBuK/9DJIzm6iJ8L4DT/UmNJlvVmwna1FdWwlthJnynskKXjTCIfs5LfQ ld7qMK1RAGQNAtXxaXxkEWm+oBUeswBfrc7i3kfX7W4/fhO+idWeu6sCXJFVZtnP hfH8GmWaz1rapsRb7sTjG6KK+OPGY5gDLb/okj9DlVP/n/Ksx18rOMS2uNwUKT14 YmRQBPGq1sZF+RU3GoyLDcNlzqxOQ8KXMWjlY5eLc54NOVJ1sTdzArgUNwDvCGOn zS6CGxGtX2KkL1l8mn76l/j+OO3yqqLyLsz0PEi5ahMA75uShmHhX1MMB+tKCGnl YB953Qh7lGDQFt0w/op1etiVkrDFevDq95fntqJjAvdo5CVtaMooMEiolji/3t1u 6rWzzrgKfWgeXKGWymh0AQPeLVkmXRPOA+L7JqNwWn6wxl6yJGOcDRVuwVaNNYE0 OrKgfRa6vDI+YTHghlawJg4hFCMBmUlEsLyuc+rbOy+hSbHg9mDrV8XyHL5dhufL cYvpRuroDCo4X3CKTFGy/GkPQCz1hExCM2JcjuhFtTL7s2Rb5Bs= =ZIdm -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging slirp updates Prasad J Pandit (2): slirp: Fix buffer overflow on packet reassembling Samuel Thibault (3): slirp: Add Samuel Thibault's staging tree for slirp slirp: fix domainname version availability # gpg: Signature made Fri 08 Jun 2018 07:12:24 BST # gpg: using RSA key 996849C1CF560478 # gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>" # gpg: aka "Samuel Thibault <sthibault@debian.org>" # gpg: aka "Samuel Thibault <samuel.thibault@gnu.org>" # gpg: aka "Samuel Thibault <samuel.thibault@inria.fr>" # gpg: aka "Samuel Thibault <samuel.thibault@labri.fr>" # gpg: aka "Samuel Thibault <samuel.thibault@ens-lyon.org>" # gpg: aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 900C B024 B679 31D4 0F82 304B D017 8C76 7D06 9EE6 # Subkey fingerprint: 3A3A 5D46 4660 E867 610C A427 9968 49C1 CF56 0478 * remotes/thibault/tags/samuel-thibault: slirp: reformat m_inc routine slirp: correct size computation while concatenating mbuf slirp: fix domainname version availability slirp: Add Samuel Thibault's staging tree for slirp slirp: Fix spurious error report when sending directly Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-08 10:26:16 +01:00 · 2018-06-08 10:26:16 +01:00 · bac5ba3dc5
commit bac5ba3dc5
parent a674da0ab7 c22098c74a
5 changed files with 30 additions and 34 deletions
--- a/1
+++ b/1
@ -1675,6 +1675,7 @@ S: Maintained
 F: slirp/
 F: net/slirp.c
 F: include/net/slirp.h
+T: git https://people.debian.org/~sthibault/qemu.git slirp
 T: git git://git.kiszka.org/qemu.git queues/slirp

 Stubs
--- a/qapi/net.json
+++ b/qapi/net.json
@ -161,7 +161,7 @@
 #             to the guest
 #
 # @domainname: guest-visible domain name of the virtual nameserver
-#              (since 2.12)
+#              (since 3.0)
 #
 # @ipv6-prefix: IPv6 network prefix (default is fec0::) (since
 #               2.6). The network prefix is given in the usual
--- a/slirp/mbuf.c
+++ b/slirp/mbuf.c
@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
 	 * If there's no room, realloc
 	 */
 	if (M_FREEROOM(m) < n->m_len)
-		m_inc(m,m->m_size+MINCSIZE);
+		m_inc(m, m->m_len + n->m_len);

 	memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
 	m->m_len += n->m_len;
@ -147,32 +147,29 @@ m_cat(struct mbuf *m, struct mbuf *n)
 }


-/* make m size bytes large */
+/* make m 'size' bytes large from m_data */
 void
 m_inc(struct mbuf *m, int size)
 {
-	int datasize;
+    int datasize;

-	/* some compiles throw up on gotos.  This one we can fake. */
-        if(m->m_size>size) return;
+    /* some compilers throw up on gotos.  This one we can fake. */
+    if (m->m_size > size) {
+        return;
+    }

-        if (m->m_flags & M_EXT) {
-	  datasize = m->m_data - m->m_ext;
-          m->m_ext = g_realloc(m->m_ext, size);
-	  m->m_data = m->m_ext + datasize;
-        } else {
-	  char *dat;
-	  datasize = m->m_data - m->m_dat;
-          dat = g_malloc(size);
-	  memcpy(dat, m->m_dat, m->m_size);
-
-	  m->m_ext = dat;
-	  m->m_data = m->m_ext + datasize;
-	  m->m_flags |= M_EXT;
-        }
-
-        m->m_size = size;
+    if (m->m_flags & M_EXT) {
+        datasize = m->m_data - m->m_ext;
+        m->m_ext = g_realloc(m->m_ext, size + datasize);
+    } else {
+        datasize = m->m_data - m->m_dat;
+        m->m_ext = g_malloc(size + datasize);
+        memcpy(m->m_ext, m->m_dat, m->m_size);
+        m->m_flags |= M_EXT;
+    }

+    m->m_data = m->m_ext + datasize;
+    m->m_size = size + datasize;
 }


--- a/slirp/mbuf.h
+++ b/slirp/mbuf.h
@ -33,8 +33,6 @@
 #ifndef MBUF_H
 #define MBUF_H

-#define MINCSIZE 4096	/* Amount to increase mbuf if too small */
-
 /*
 * Macros for type conversion
 * mtod(m,t) -	convert mbuf pointer to data pointer of correct type
@ -72,11 +70,11 @@ struct mbuf {
 	struct	mbuf *m_prevpkt;	/* Flags aren't used in the output queue */
 	int	m_flags;		/* Misc flags */

-	int	m_size;			/* Size of data */
+	int	m_size;			/* Size of mbuf, from m_dat or m_ext */
 	struct	socket *m_so;

-	caddr_t	m_data;			/* Location of data */
-	int	m_len;			/* Amount of data in this mbuf */
+	caddr_t	m_data;			/* Current location of data */
+	int	m_len;			/* Amount of data in this mbuf, from m_data */

 	Slirp *slirp;
 	bool	resolution_requested;
--- a/slirp/socket.c
+++ b/slirp/socket.c
@ -340,7 +340,7 @@ sosendoob(struct socket *so)
 	struct sbuf *sb = &so->so_rcv;
 	char buff[2048]; /* XXX Shouldn't be sending more oob data than this */

-	int n, len;
+	int n;

 	DEBUG_CALL("sosendoob");
 	DEBUG_ARG("so = %p", so);
@ -359,7 +359,7 @@ sosendoob(struct socket *so)
 		 * send it all
 		 */
 		uint32_t urgc = so->so_urgc;
-		len = (sb->sb_data + sb->sb_datalen) - sb->sb_rptr;
+		int len = (sb->sb_data + sb->sb_datalen) - sb->sb_rptr;
 		if (len > urgc) {
 			len = urgc;
 		}
@ -374,13 +374,13 @@ sosendoob(struct socket *so)
 			len += n;
 		}
 		n = slirp_send(so, buff, len, (MSG_OOB)); /* |MSG_DONTWAIT)); */
+#ifdef DEBUG
+		if (n != len) {
+			DEBUG_ERROR((dfd, "Didn't send all data urgently XXXXX\n"));
+		}
+#endif
 	}

-#ifdef DEBUG
-	if (n != len) {
-		DEBUG_ERROR((dfd, "Didn't send all data urgently XXXXX\n"));
-	}
-#endif
 	if (n < 0) {
 		return n;
 	}