slirp: Canonicalize restrict syntax

All other boolean arguments accept on|off - except for slirp's restrict. Fix that while still accepting the formerly allowed yes|y|no|n, but reject everything else. This avoids accidentally allowing external connections because syntax errors were so far interpreted as 'restrict=no'. CC: Gleb Natapov <gleb@redhat.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-20 12:20:14 +02:00 · 2011-07-20 12:20:14 +02:00 · c54ed5bcdd
commit c54ed5bcdd
parent 12b513d837
2 changed files with 17 additions and 8 deletions
--- a/net/slirp.c
+++ b/net/slirp.c
@ -240,7 +240,8 @@ static int net_slirp_init(VLANState *vlan, const char *model,
    nc = qemu_new_net_client(&net_slirp_info, vlan, NULL, model, name);

    snprintf(nc->info_str, sizeof(nc->info_str),
-             "net=%s, restricted=%c", inet_ntoa(net), restricted ? 'y' : 'n');
+             "net=%s,restrict=%s", inet_ntoa(net),
+             restricted ? "on" : "off");

    s = DO_UPCAST(SlirpState, nc, nc);

@ -689,6 +690,7 @@ int net_init_slirp(QemuOpts *opts,
    const char *bootfile;
    const char *smb_export;
    const char *vsmbsrv;
+    const char *restrict_opt;
    char *vnet = NULL;
    int restricted = 0;
    int ret;
@ -702,6 +704,18 @@ int net_init_slirp(QemuOpts *opts,
    smb_export  = qemu_opt_get(opts, "smb");
    vsmbsrv     = qemu_opt_get(opts, "smbserver");

+    restrict_opt = qemu_opt_get(opts, "restrict");
+    if (restrict_opt) {
+        if (!strcmp(restrict_opt, "on") ||
+            !strcmp(restrict_opt, "yes") || !strcmp(restrict_opt, "y")) {
+            restricted = 1;
+        } else if (strcmp(restrict_opt, "off") &&
+            strcmp(restrict_opt, "no") && strcmp(restrict_opt, "n")) {
+            error_report("invalid option: 'restrict=%s'", restrict_opt);
+            return -1;
+        }
+    }
+
    if (qemu_opt_get(opts, "ip")) {
        const char *ip = qemu_opt_get(opts, "ip");
        int l = strlen(ip) + strlen("/24") + 1;
@ -720,11 +734,6 @@ int net_init_slirp(QemuOpts *opts,
        vnet = qemu_strdup(qemu_opt_get(opts, "net"));
    }

-    if (qemu_opt_get(opts, "restrict") &&
-        qemu_opt_get(opts, "restrict")[0] == 'y') {
-        restricted = 1;
-    }
-
    qemu_opt_foreach(opts, net_init_slirp_configs, NULL, 0);

    ret = net_slirp_init(vlan, "user", name, restricted, vnet, vhost,
--- a/qemu-options.hx
+++ b/qemu-options.hx
@ -1115,7 +1115,7 @@ DEF("net", HAS_ARG, QEMU_OPTION_net,
    "-net nic[,vlan=n][,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]\n"
    "                create a new Network Interface Card and connect it to VLAN 'n'\n"
 #ifdef CONFIG_SLIRP
-    "-net user[,vlan=n][,name=str][,net=addr[/mask]][,host=addr][,restrict=y|n]\n"
+    "-net user[,vlan=n][,name=str][,net=addr[/mask]][,host=addr][,restrict=on|off]\n"
    "         [,hostname=host][,dhcpstart=addr][,dns=addr][,tftp=dir][,bootfile=f]\n"
    "         [,hostfwd=rule][,guestfwd=rule]"
 #ifndef _WIN32
@ -1208,7 +1208,7 @@ either in the form a.b.c.d or as number of valid top-most bits. Default is
 Specify the guest-visible address of the host. Default is the 2nd IP in the
 guest network, i.e. x.x.x.2.

-@item restrict=y|yes|n|no
+@item restrict=on|off
 If this option is enabled, the guest will be isolated, i.e. it will not be
 able to contact the host and no guest IP packets will be routed over the host
 to the outside. This option does not affect any explicitly set forwarding rules.