summaryrefslogtreecommitdiff
path: root/block/curl.c
diff options
context:
space:
mode:
authorRichard W.M. Jones <rjones@redhat.com>2014-10-26 11:05:27 +0000
committerStefan Hajnoczi <stefanha@redhat.com>2014-11-03 11:41:47 +0000
commitf76faeda4bd59f972d09dd9d954297f17c21dd60 (patch)
tree2f7d75dd2bd482ad21d8e7283129ddc60994489c /block/curl.c
parent3432a1929ee18e08787ce35476abd74f2c93a17c (diff)
downloadqemu-f76faeda4bd59f972d09dd9d954297f17c21dd60.tar.gz
qemu-f76faeda4bd59f972d09dd9d954297f17c21dd60.tar.bz2
qemu-f76faeda4bd59f972d09dd9d954297f17c21dd60.zip
block/curl: Improve type safety of s->timeout.
qemu_opt_get_number returns a uint64_t, and curl_easy_setopt expects a long (not an int). There is no warning about the latter type error because curl_easy_setopt uses a varargs argument. Store the timeout (which is a positive number of seconds) as a uint64_t. Check that the number given by the user is reasonable. Zero is permissible (meaning no timeout is enforced by cURL). Cast it to long before calling curl_easy_setopt to fix the type error. Example error message after this change has been applied: $ ./qemu-img create -f qcow2 /tmp/test.qcow2 \ -b 'json: { "file.driver":"https", "file.url":"https://foo/bar", "file.timeout":-1 }' qemu-img: /tmp/test.qcow2: Could not open 'json: { "file.driver":"https", "file.url":"https://foo/bar", "file.timeout":-1 }': timeout parameter is too large or negative: Invalid argument Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'block/curl.c')
-rw-r--r--block/curl.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/block/curl.c b/block/curl.c
index b4157cc8b3..bbee3ca179 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -64,6 +64,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
#define SECTOR_SIZE 512
#define READ_AHEAD_DEFAULT (256 * 1024)
#define CURL_TIMEOUT_DEFAULT 5
+#define CURL_TIMEOUT_MAX 10000
#define FIND_RET_NONE 0
#define FIND_RET_OK 1
@@ -112,7 +113,7 @@ typedef struct BDRVCURLState {
char *url;
size_t readahead_size;
bool sslverify;
- int timeout;
+ uint64_t timeout;
char *cookie;
bool accept_range;
AioContext *aio_context;
@@ -390,7 +391,7 @@ static CURLState *curl_init_state(BlockDriverState *bs, BDRVCURLState *s)
if (s->cookie) {
curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
}
- curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
+ curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout);
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
(void *)curl_read_cb);
curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state);
@@ -546,6 +547,10 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
s->timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
CURL_TIMEOUT_DEFAULT);
+ if (s->timeout > CURL_TIMEOUT_MAX) {
+ error_setg(errp, "timeout parameter is too large or negative");
+ goto out_noclean;
+ }
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);