From 7c24384b3b984f0256ba10eb26d877ec28985019 Mon Sep 17 00:00:00 2001 From: Peter Lieven Date: Wed, 25 Jun 2014 00:06:00 +0200 Subject: [PATCH] block/nfs: fix url parameter checking this patch fixes the incorrect usage of strncmp and adds simple error checking by means of parse_uint_full instead of atoi for the supplied URL parameters. Signed-off-by: Peter Lieven Reviewed-by: Eric Blake Signed-off-by: Kevin Wolf --- block/nfs.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/block/nfs.c b/block/nfs.c index ec43201..0b44483 100644 --- a/block/nfs.c +++ b/block/nfs.c @@ -304,17 +304,23 @@ static int64_t nfs_client_open(NFSClient *client, const char *filename, qp = query_params_parse(uri->query); for (i = 0; i < qp->n; i++) { + unsigned long long val; if (!qp->p[i].value) { error_setg(errp, "Value for NFS parameter expected: %s", qp->p[i].name); goto fail; } - if (!strncmp(qp->p[i].name, "uid", 3)) { - nfs_set_uid(client->context, atoi(qp->p[i].value)); - } else if (!strncmp(qp->p[i].name, "gid", 3)) { - nfs_set_gid(client->context, atoi(qp->p[i].value)); - } else if (!strncmp(qp->p[i].name, "tcp-syncnt", 10)) { - nfs_set_tcp_syncnt(client->context, atoi(qp->p[i].value)); + if (parse_uint_full(qp->p[i].value, &val, 0)) { + error_setg(errp, "Illegal value for NFS parameter: %s", + qp->p[i].name); + goto fail; + } + if (!strcmp(qp->p[i].name, "uid")) { + nfs_set_uid(client->context, val); + } else if (!strcmp(qp->p[i].name, "gid")) { + nfs_set_gid(client->context, val); + } else if (!strcmp(qp->p[i].name, "tcp-syncnt")) { + nfs_set_tcp_syncnt(client->context, val); } else { error_setg(errp, "Unknown NFS parameter name: %s", qp->p[i].name); -- 2.7.4