net: properly handle illegal fd/vhostfd from command line

When hanlding fd/vhostfd form command line through net_handle_fd_param(),
we need to check mon and return value of strtol() otherwise we could
get segmentation fault or invalid fd when user type an illegal fd/vhostfd.

This patch is based on the suggestions from
Luiz Capitulino <lcapitulino@redhat.com>.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

diff --git a/net.c b/net.c
index ed74c7f..c5e6063 100644 (file)
--- a/net.c
+++ b/net.c
@@ -774,19 +774,25 @@ int qemu_find_nic_model(NICInfo *nd, const char * const *models,
 
 int net_handle_fd_param(Monitor *mon, const char *param)
 {
-    if (!qemu_isdigit(param[0])) {
-        int fd;
+    int fd;
+
+    if (!qemu_isdigit(param[0]) && mon) {
 
         fd = monitor_get_fd(mon, param);
         if (fd == -1) {
             error_report("No file descriptor named %s found", param);
             return -1;
         }
-
-        return fd;
     } else {
-        return strtol(param, NULL, 0);
+        char *endptr = NULL;
+
+        fd = strtol(param, &endptr, 10);
+        if (*endptr || (fd == 0 && param == endptr)) {
+            return -1;
+        }
     }
+
+    return fd;
 }
 
 static int net_init_nic(QemuOpts *opts,