block/curl.c: Check error return from curl_easy_setopt()
Coverity points out that we aren't checking the return value from curl_easy_setopt() for any of the calls to it we make in block/curl.c. Some of these options are documented as always succeeding (e.g. CURLOPT_VERBOSE) but others have documented failure cases (e.g. CURLOPT_URL). For consistency we check every call, even the ones that theoretically cannot fail. Fixes: Coverity CID 1459336, 1459482, 1460331 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20220222152341.850419-3-peter.maydell@linaro.org> Reviewed-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com>
This commit is contained in:
Peter Maydell
Hanna Reitz
parent
2ea7dfcd05
commit
b0ea6c98fa
92
block/curl.c
92
block/curl.c
|
|
@ -458,38 +458,51 @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
|
||||||
if (!state->curl) {
|
if (!state->curl) {
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
|
if (curl_easy_setopt(state->curl, CURLOPT_URL, s->url) ||
|
||||||
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
|
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
|
||||||
(long) s->sslverify);
|
(long) s->sslverify) ||
|
||||||
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
|
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
|
||||||
s->sslverify ? 2L : 0L);
|
s->sslverify ? 2L : 0L)) {
|
||||||
if (s->cookie) {
|
goto err;
|
||||||
curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
|
}
|
||||||
|
if (s->cookie) {
|
||||||
|
if (curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie)) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout) ||
|
||||||
|
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
|
||||||
|
(void *)curl_read_cb) ||
|
||||||
|
curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state) ||
|
||||||
|
curl_easy_setopt(state->curl, CURLOPT_PRIVATE, (void *)state) ||
|
||||||
|
curl_easy_setopt(state->curl, CURLOPT_AUTOREFERER, 1) ||
|
||||||
|
curl_easy_setopt(state->curl, CURLOPT_FOLLOWLOCATION, 1) ||
|
||||||
|
curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1) ||
|
||||||
|
curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg) ||
|
||||||
|
curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1)) {
|
||||||
|
goto err;
|
||||||
}
|
}
|
||||||
curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout);
|
|
||||||
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
|
|
||||||
(void *)curl_read_cb);
|
|
||||||
curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state);
|
|
||||||
curl_easy_setopt(state->curl, CURLOPT_PRIVATE, (void *)state);
|
|
||||||
curl_easy_setopt(state->curl, CURLOPT_AUTOREFERER, 1);
|
|
||||||
curl_easy_setopt(state->curl, CURLOPT_FOLLOWLOCATION, 1);
|
|
||||||
curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1);
|
|
||||||
curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg);
|
|
||||||
curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1);
|
|
||||||
|
|
||||||
if (s->username) {
|
if (s->username) {
|
||||||
curl_easy_setopt(state->curl, CURLOPT_USERNAME, s->username);
|
if (curl_easy_setopt(state->curl, CURLOPT_USERNAME, s->username)) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (s->password) {
|
if (s->password) {
|
||||||
curl_easy_setopt(state->curl, CURLOPT_PASSWORD, s->password);
|
if (curl_easy_setopt(state->curl, CURLOPT_PASSWORD, s->password)) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (s->proxyusername) {
|
if (s->proxyusername) {
|
||||||
curl_easy_setopt(state->curl,
|
if (curl_easy_setopt(state->curl,
|
||||||
CURLOPT_PROXYUSERNAME, s->proxyusername);
|
CURLOPT_PROXYUSERNAME, s->proxyusername)) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (s->proxypassword) {
|
if (s->proxypassword) {
|
||||||
curl_easy_setopt(state->curl,
|
if (curl_easy_setopt(state->curl,
|
||||||
CURLOPT_PROXYPASSWORD, s->proxypassword);
|
CURLOPT_PROXYPASSWORD, s->proxypassword)) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Restrict supported protocols to avoid security issues in the more
|
/* Restrict supported protocols to avoid security issues in the more
|
||||||
|
|
@ -499,18 +512,27 @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
|
||||||
* Restricting protocols is only supported from 7.19.4 upwards.
|
* Restricting protocols is only supported from 7.19.4 upwards.
|
||||||
*/
|
*/
|
||||||
#if LIBCURL_VERSION_NUM >= 0x071304
|
#if LIBCURL_VERSION_NUM >= 0x071304
|
||||||
curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS);
|
if (curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS) ||
|
||||||
curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS);
|
curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS)) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef DEBUG_VERBOSE
|
#ifdef DEBUG_VERBOSE
|
||||||
curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1);
|
if (curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1)) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
state->s = s;
|
state->s = s;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
err:
|
||||||
|
curl_easy_cleanup(state->curl);
|
||||||
|
state->curl = NULL;
|
||||||
|
return -EIO;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Called with s->mutex held. */
|
/* Called with s->mutex held. */
|
||||||
|
|
@ -765,10 +787,13 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
||||||
}
|
}
|
||||||
|
|
||||||
s->accept_range = false;
|
s->accept_range = false;
|
||||||
curl_easy_setopt(state->curl, CURLOPT_NOBODY, 1);
|
if (curl_easy_setopt(state->curl, CURLOPT_NOBODY, 1) ||
|
||||||
curl_easy_setopt(state->curl, CURLOPT_HEADERFUNCTION,
|
curl_easy_setopt(state->curl, CURLOPT_HEADERFUNCTION, curl_header_cb) ||
|
||||||
curl_header_cb);
|
curl_easy_setopt(state->curl, CURLOPT_HEADERDATA, s)) {
|
||||||
curl_easy_setopt(state->curl, CURLOPT_HEADERDATA, s);
|
pstrcpy(state->errmsg, CURL_ERROR_SIZE,
|
||||||
|
"curl library initialization failed.");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
if (curl_easy_perform(state->curl))
|
if (curl_easy_perform(state->curl))
|
||||||
goto out;
|
goto out;
|
||||||
if (curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &d)) {
|
if (curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &d)) {
|
||||||
|
|
@ -881,9 +906,8 @@ static void curl_setup_preadv(BlockDriverState *bs, CURLAIOCB *acb)
|
||||||
|
|
||||||
snprintf(state->range, 127, "%" PRIu64 "-%" PRIu64, start, end);
|
snprintf(state->range, 127, "%" PRIu64 "-%" PRIu64, start, end);
|
||||||
trace_curl_setup_preadv(acb->bytes, start, state->range);
|
trace_curl_setup_preadv(acb->bytes, start, state->range);
|
||||||
curl_easy_setopt(state->curl, CURLOPT_RANGE, state->range);
|
if (curl_easy_setopt(state->curl, CURLOPT_RANGE, state->range) ||
|
||||||
|
curl_multi_add_handle(s->multi, state->curl) != CURLM_OK) {
|
||||||
if (curl_multi_add_handle(s->multi, state->curl) != CURLM_OK) {
|
|
||||||
state->acb[0] = NULL;
|
state->acb[0] = NULL;
|
||||||
acb->ret = -EIO;
|
acb->ret = -EIO;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue