46f3a5c276
CVE-2014-3640 qemu: slirp: NULL pointer (bz #1144821, bz #1144818)
125 lines
4.4 KiB
Diff
125 lines
4.4 KiB
Diff
From 4b3a1a47188c5df308d51048a8a0de630c45d12c Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Fri, 29 Aug 2014 16:03:12 +0100
|
|
Subject: [PATCH] curl: Allow a cookie or cookies to be sent with http/https
|
|
requests.
|
|
|
|
In order to access VMware ESX efficiently, we need to send a session
|
|
cookie. This patch is very simple and just allows you to send that
|
|
session cookie. It punts on the question of how you get the session
|
|
cookie in the first place, but in practice you can just run a `curl'
|
|
command against the server and extract the cookie that way.
|
|
|
|
To use it, add file.cookie to the curl URL. For example:
|
|
|
|
$ qemu-img info 'json: {
|
|
"file.driver":"https",
|
|
"file.url":"https://vcenter/folder/Windows%202003/Windows%202003-flat.vmdk?dcPath=Datacenter&dsName=datastore1",
|
|
"file.sslverify":"off",
|
|
"file.cookie":"vmware_soap_session=\"52a01262-bf93-ccce-d379-8dabb3e55560\""}'
|
|
image: [...]
|
|
file format: raw
|
|
virtual size: 8.0G (8589934592 bytes)
|
|
disk size: unavailable
|
|
|
|
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
(cherry picked from commit a94f83d94fdf907680f068f1be7ad13d1f697067)
|
|
---
|
|
block/curl.c | 16 ++++++++++++++++
|
|
qemu-options.hx | 5 +++++
|
|
2 files changed, 21 insertions(+)
|
|
|
|
diff --git a/block/curl.c b/block/curl.c
|
|
index 6f45547..537e257 100644
|
|
--- a/block/curl.c
|
|
+++ b/block/curl.c
|
|
@@ -73,6 +73,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
|
|
#define CURL_BLOCK_OPT_READAHEAD "readahead"
|
|
#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
|
|
#define CURL_BLOCK_OPT_TIMEOUT "timeout"
|
|
+#define CURL_BLOCK_OPT_COOKIE "cookie"
|
|
|
|
struct BDRVCURLState;
|
|
|
|
@@ -112,6 +113,7 @@ typedef struct BDRVCURLState {
|
|
size_t readahead_size;
|
|
bool sslverify;
|
|
int timeout;
|
|
+ char *cookie;
|
|
bool accept_range;
|
|
AioContext *aio_context;
|
|
} BDRVCURLState;
|
|
@@ -385,6 +387,9 @@ static CURLState *curl_init_state(BDRVCURLState *s)
|
|
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
|
|
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
|
|
(long) s->sslverify);
|
|
+ if (s->cookie) {
|
|
+ curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
|
|
+ }
|
|
curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
|
|
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
|
|
(void *)curl_read_cb);
|
|
@@ -497,6 +502,11 @@ static QemuOptsList runtime_opts = {
|
|
.type = QEMU_OPT_NUMBER,
|
|
.help = "Curl timeout"
|
|
},
|
|
+ {
|
|
+ .name = CURL_BLOCK_OPT_COOKIE,
|
|
+ .type = QEMU_OPT_STRING,
|
|
+ .help = "Pass the cookie or list of cookies with each request"
|
|
+ },
|
|
{ /* end of list */ }
|
|
},
|
|
};
|
|
@@ -509,6 +519,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
|
QemuOpts *opts;
|
|
Error *local_err = NULL;
|
|
const char *file;
|
|
+ const char *cookie;
|
|
double d;
|
|
|
|
static int inited = 0;
|
|
@@ -538,6 +549,9 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
|
|
|
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
|
|
|
|
+ cookie = qemu_opt_get(opts, CURL_BLOCK_OPT_COOKIE);
|
|
+ s->cookie = g_strdup(cookie);
|
|
+
|
|
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
|
|
if (file == NULL) {
|
|
error_setg(errp, "curl block driver requires an 'url' option");
|
|
@@ -593,6 +607,7 @@ out:
|
|
curl_easy_cleanup(state->curl);
|
|
state->curl = NULL;
|
|
out_noclean:
|
|
+ g_free(s->cookie);
|
|
g_free(s->url);
|
|
qemu_opts_del(opts);
|
|
return -EINVAL;
|
|
@@ -689,6 +704,7 @@ static void curl_close(BlockDriverState *bs)
|
|
DPRINTF("CURL: Close\n");
|
|
curl_detach_aio_context(bs);
|
|
|
|
+ g_free(s->cookie);
|
|
g_free(s->url);
|
|
}
|
|
|
|
diff --git a/qemu-options.hx b/qemu-options.hx
|
|
index dcb008b..53b6171 100644
|
|
--- a/qemu-options.hx
|
|
+++ b/qemu-options.hx
|
|
@@ -2352,6 +2352,11 @@ multiple of 512 bytes. It defaults to 256k.
|
|
Whether to verify the remote server's certificate when connecting over SSL. It
|
|
can have the value 'on' or 'off'. It defaults to 'on'.
|
|
|
|
+@item cookie
|
|
+Send this cookie (it can also be a list of cookies separated by ';') with
|
|
+each outgoing request. Only supported when using protocols such as HTTP
|
|
+which support cookies, otherwise ignored.
|
|
+
|
|
@item timeout
|
|
Set the timeout in seconds of the CURL connection. This timeout is the time
|
|
that CURL waits for a response from the remote server to get the size of the
|