qemu/0004-curl-Allow-a-cookie-or-cookies-to-be-sent-with-http-.patch
Cole Robinson 46f3a5c276 Rebased to version 2.1.2
CVE-2014-3640 qemu: slirp: NULL pointer (bz #1144821, bz #1144818)
2014-09-26 10:26:35 -04:00

125 lines
4.4 KiB
Diff

From 4b3a1a47188c5df308d51048a8a0de630c45d12c Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 29 Aug 2014 16:03:12 +0100
Subject: [PATCH] curl: Allow a cookie or cookies to be sent with http/https
requests.
In order to access VMware ESX efficiently, we need to send a session
cookie. This patch is very simple and just allows you to send that
session cookie. It punts on the question of how you get the session
cookie in the first place, but in practice you can just run a `curl'
command against the server and extract the cookie that way.
To use it, add file.cookie to the curl URL. For example:
$ qemu-img info 'json: {
"file.driver":"https",
"file.url":"https://vcenter/folder/Windows%202003/Windows%202003-flat.vmdk?dcPath=Datacenter&dsName=datastore1",
"file.sslverify":"off",
"file.cookie":"vmware_soap_session=\"52a01262-bf93-ccce-d379-8dabb3e55560\""}'
image: [...]
file format: raw
virtual size: 8.0G (8589934592 bytes)
disk size: unavailable
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit a94f83d94fdf907680f068f1be7ad13d1f697067)
---
block/curl.c | 16 ++++++++++++++++
qemu-options.hx | 5 +++++
2 files changed, 21 insertions(+)
diff --git a/block/curl.c b/block/curl.c
index 6f45547..537e257 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -73,6 +73,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
#define CURL_BLOCK_OPT_READAHEAD "readahead"
#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
#define CURL_BLOCK_OPT_TIMEOUT "timeout"
+#define CURL_BLOCK_OPT_COOKIE "cookie"
struct BDRVCURLState;
@@ -112,6 +113,7 @@ typedef struct BDRVCURLState {
size_t readahead_size;
bool sslverify;
int timeout;
+ char *cookie;
bool accept_range;
AioContext *aio_context;
} BDRVCURLState;
@@ -385,6 +387,9 @@ static CURLState *curl_init_state(BDRVCURLState *s)
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
(long) s->sslverify);
+ if (s->cookie) {
+ curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
+ }
curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
(void *)curl_read_cb);
@@ -497,6 +502,11 @@ static QemuOptsList runtime_opts = {
.type = QEMU_OPT_NUMBER,
.help = "Curl timeout"
},
+ {
+ .name = CURL_BLOCK_OPT_COOKIE,
+ .type = QEMU_OPT_STRING,
+ .help = "Pass the cookie or list of cookies with each request"
+ },
{ /* end of list */ }
},
};
@@ -509,6 +519,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
QemuOpts *opts;
Error *local_err = NULL;
const char *file;
+ const char *cookie;
double d;
static int inited = 0;
@@ -538,6 +549,9 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
+ cookie = qemu_opt_get(opts, CURL_BLOCK_OPT_COOKIE);
+ s->cookie = g_strdup(cookie);
+
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
if (file == NULL) {
error_setg(errp, "curl block driver requires an 'url' option");
@@ -593,6 +607,7 @@ out:
curl_easy_cleanup(state->curl);
state->curl = NULL;
out_noclean:
+ g_free(s->cookie);
g_free(s->url);
qemu_opts_del(opts);
return -EINVAL;
@@ -689,6 +704,7 @@ static void curl_close(BlockDriverState *bs)
DPRINTF("CURL: Close\n");
curl_detach_aio_context(bs);
+ g_free(s->cookie);
g_free(s->url);
}
diff --git a/qemu-options.hx b/qemu-options.hx
index dcb008b..53b6171 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2352,6 +2352,11 @@ multiple of 512 bytes. It defaults to 256k.
Whether to verify the remote server's certificate when connecting over SSL. It
can have the value 'on' or 'off'. It defaults to 'on'.
+@item cookie
+Send this cookie (it can also be a list of cookies separated by ';') with
+each outgoing request. Only supported when using protocols such as HTTP
+which support cookies, otherwise ignored.
+
@item timeout
Set the timeout in seconds of the CURL connection. This timeout is the time
that CURL waits for a response from the remote server to get the size of the