1 /*
2 * QEMU System Emulator
4 * Copyright (c) 2003-2008 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
24 #include "config-host.h"
26 #include "net/net.h"
27 #include "clients.h"
28 #include "monitor/monitor.h"
29 #include "qemu-common.h"
30 #include "qemu/error-report.h"
31 #include "qemu/option.h"
32 #include "qemu/sockets.h"
33 #include "qemu/iov.h"
/* Per-client state for the "socket" netdev backend (one per NetClientState). */
typedef struct NetSocketState {
    NetClientState nc;            /* common net client; kept first so DO_UPCAST() can recover it */
    int listen_fd;                /* listening socket for listen=, -1 otherwise */
    int fd;                       /* data socket, -1 while there is no connection */
    int state; /* 0 = getting length, 1 = getting data */
    unsigned int index;           /* bytes of the current length prefix / payload received so far */
    unsigned int packet_len;      /* payload length announced by the peer's 4-byte prefix */
    unsigned int send_index; /* number of bytes sent (only SOCK_STREAM) */
    uint8_t buf[NET_BUFSIZE];     /* reassembly buffer (stream) / receive buffer (dgram) */
    struct sockaddr_in dgram_dst; /* contains inet host and port destination iff connectionless (SOCK_DGRAM) */
    IOHandler *send_fn; /* differs between SOCK_STREAM/SOCK_DGRAM */
    bool read_poll; /* waiting to receive data? */
    bool write_poll; /* waiting to transmit data? */
} NetSocketState;
/*
 * Forward declarations: both are defined further down but are referenced
 * earlier (net_socket_writable by net_socket_update_fd_handler,
 * net_socket_accept by the end-of-connection path of net_socket_send).
 */
static void net_socket_accept(void *opaque);
static void net_socket_writable(void *opaque);
/*
 * Read-poll predicate for the data fd: the socket is only read while the
 * peer net client is able to accept another packet, so nothing is pulled
 * off the socket that would then have to be dropped or buffered.
 */
static int net_socket_can_send(void *opaque)
{
    NetSocketState *sock = opaque;
    return qemu_can_send_packet(&sock->nc);
}
/*
 * Re-register the fd handlers for s->fd from the read_poll/write_poll
 * flags. Reading is gated by net_socket_can_send() and dispatched to the
 * per-socket-type receive routine (s->send_fn); writing resumes flushing
 * via net_socket_writable().
 */
static void net_socket_update_fd_handler(NetSocketState *s)
{
    int (*can_read)(void *) = NULL;
    IOHandler *on_read = NULL;
    IOHandler *on_write = NULL;

    if (s->read_poll) {
        can_read = net_socket_can_send;
        on_read = s->send_fn;
    }
    if (s->write_poll) {
        on_write = net_socket_writable;
    }
    qemu_set_fd_handler2(s->fd, can_read, on_read, on_write, s);
}
/* Enable or disable read polling on the data fd and re-register handlers. */
static void net_socket_read_poll(NetSocketState *s, bool enable)
{
    s->read_poll = enable ? true : false;
    net_socket_update_fd_handler(s);
}
/* Enable or disable write polling on the data fd and re-register handlers. */
static void net_socket_write_poll(NetSocketState *s, bool enable)
{
    s->write_poll = enable ? true : false;
    net_socket_update_fd_handler(s);
}
/*
 * Write handler: the fd became writable after a short or blocked send.
 * Stop write polling first, then let the net layer retry whatever it has
 * queued; a further short write re-arms polling from the receive path.
 */
static void net_socket_writable(void *opaque)
{
    NetSocketState *sock = opaque;

    net_socket_write_poll(sock, false);
    qemu_flush_queued_packets(&sock->nc);
}
/*
 * Transmit path for SOCK_STREAM clients. Each frame goes on the wire as a
 * 4-byte big-endian length followed by the payload. The socket is
 * non-blocking, so a partial write is remembered in s->send_index and the
 * rest is sent once the fd is writable again (net_socket_writable()).
 *
 * Returns @size once the whole frame has been written, 0 while it is
 * still pending (the caller keeps the packet queued), or -errno when the
 * send failed for a reason other than EAGAIN.
 */
static ssize_t net_socket_receive(NetClientState *nc, const uint8_t *buf, size_t size)
{
    NetSocketState *s = DO_UPCAST(NetSocketState, nc, nc);
    uint32_t hdr = htonl(size);
    struct iovec vec[2];
    size_t left;
    ssize_t n;

    vec[0].iov_base = &hdr;
    vec[0].iov_len = sizeof(hdr);
    vec[1].iov_base = (void *)buf;
    vec[1].iov_len = size;

    /* resume at the offset reached by the previous partial send */
    left = iov_size(vec, 2) - s->send_index;
    n = iov_send(s->fd, vec, 2, s->send_index, left);

    if (n == -1) {
        if (errno != EAGAIN) {
            s->send_index = 0;
            return -errno;
        }
        n = 0; /* would block: handled as a zero-length partial write */
    }
    if (n < (ssize_t)left) {
        s->send_index += n;
        net_socket_write_poll(s, true);
        return 0;
    }

    s->send_index = 0;
    return size;
}
/*
 * Transmit path for SOCK_DGRAM clients: one frame becomes one datagram
 * addressed to s->dgram_dst. Returns the sendto() byte count, 0 when the
 * socket would block (write polling is armed so the queued frame is
 * flushed from net_socket_writable()), or -1 on any other error.
 */
static ssize_t net_socket_receive_dgram(NetClientState *nc, const uint8_t *buf, size_t size)
{
    NetSocketState *s = DO_UPCAST(NetSocketState, nc, nc);
    struct sockaddr *dst = (struct sockaddr *)&s->dgram_dst;
    ssize_t sent;

    /* restart the call if a signal interrupted it */
    for (;;) {
        sent = qemu_sendto(s->fd, buf, size, 0, dst, sizeof(s->dgram_dst));
        if (sent != -1 || errno != EINTR) {
            break;
        }
    }

    if (sent == -1 && errno == EAGAIN) {
        net_socket_write_poll(s, true);
        return 0;
    }
    return sent;
}
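/*
 * Tear down the data connection of a stream client after EOF or a fatal
 * receive error: stop polling, re-arm accept() when this is the listening
 * side, close the fd and reset the reassembly state so the next connection
 * starts from a clean buffer.
 */
static void net_socket_end_of_connection(NetSocketState *s)
{
    net_socket_read_poll(s, false);
    net_socket_write_poll(s, false);
    if (s->listen_fd != -1) {
        qemu_set_fd_handler(s->listen_fd, net_socket_accept, NULL, s);
    }
    closesocket(s->fd);

    s->fd = -1;
    s->state = 0;
    s->index = 0;
    s->packet_len = 0;
    s->nc.link_down = true;
    memset(s->buf, 0, sizeof(s->buf));
    memset(s->nc.info_str, 0, sizeof(s->nc.info_str));
}

/*
 * Read handler for SOCK_STREAM clients. The wire format is a 4-byte
 * big-endian length followed by the frame. One recv() may carry part of a
 * frame or several frames, so the reassembly position (s->state, s->index,
 * s->packet_len) is kept in the client state across calls.
 *
 * A length prefix larger than s->buf comes from the peer and is treated as
 * a protocol error: the connection is dropped rather than the buffer
 * overrun.
 */
static void net_socket_send(void *opaque)
{
    NetSocketState *s = opaque;
    int size;
    unsigned l;
    uint8_t buf1[NET_BUFSIZE];
    const uint8_t *buf;

    size = qemu_recv(s->fd, buf1, sizeof(buf1), 0);
    if (size < 0) {
        /* EWOULDBLOCK is a spurious wakeup; anything else ends the connection */
        if (socket_error() != EWOULDBLOCK) {
            net_socket_end_of_connection(s);
        }
        return;
    }
    if (size == 0) {
        /* end of connection */
        net_socket_end_of_connection(s);
        return;
    }

    buf = buf1;
    while (size > 0) {
        /* reassemble a packet from the network */
        switch (s->state) {
        case 0:
            /* collecting the 4-byte length prefix */
            l = 4 - s->index;
            if (l > (unsigned)size) {
                l = size;
            }
            memcpy(s->buf + s->index, buf, l);
            buf += l;
            size -= l;
            s->index += l;
            if (s->index == 4) {
                uint32_t wire_len;

                /* got length; memcpy instead of a uint32_t cast of the byte buffer */
                memcpy(&wire_len, s->buf, sizeof(wire_len));
                s->packet_len = ntohl(wire_len);
                s->index = 0;
                s->state = 1;
            }
            break;
        case 1:
            /* collecting payload bytes */
            l = s->packet_len - s->index;
            if (l > (unsigned)size) {
                l = size;
            }
            /* s->packet_len is peer-controlled: never write past s->buf */
            if (s->index + l > sizeof(s->buf)) {
                fprintf(stderr, "serious error: oversized packet received,"
                        "connection terminated.\n");
                net_socket_end_of_connection(s);
                return;
            }
            memcpy(s->buf + s->index, buf, l);
            s->index += l;
            buf += l;
            size -= l;
            if (s->index >= s->packet_len) {
                qemu_send_packet(&s->nc, s->buf, s->packet_len);
                s->index = 0;
                s->state = 0;
            }
            break;
        }
    }
}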
/*
 * Read handler for SOCK_DGRAM clients: one datagram is one frame, so the
 * whole recv() result is handed to the net layer. A zero-length read
 * stops polling; a failed read is simply retried on the next wakeup.
 */
static void net_socket_send_dgram(void *opaque)
{
    NetSocketState *s = opaque;
    int n = qemu_recv(s->fd, s->buf, sizeof(s->buf), 0);

    if (n > 0) {
        qemu_send_packet(&s->nc, s->buf, n);
        return;
    }
    if (n == 0) {
        /* end of connection */
        net_socket_read_poll(s, false);
        net_socket_write_poll(s, false);
    }
    /* n < 0: nothing to deliver */
}
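/*
 * Create a UDP socket bound to the multicast group/port in @mcastaddr and
 * joined to that group, with loopback enabled so several QEMU instances on
 * one host can see each other's frames. When @localaddr is non-NULL it
 * selects the local interface for both the membership and outgoing
 * datagrams.
 *
 * Returns a non-blocking fd, or -1 after printing a diagnostic to stderr.
 */
static int net_socket_mcast_create(struct sockaddr_in *mcastaddr, struct in_addr *localaddr)
{
    struct ip_mreq imr;
    int fd;
    int val, ret;
#ifdef __OpenBSD__
    unsigned char loop; /* OpenBSD expects a one-byte IP_MULTICAST_LOOP value */
#else
    int loop;
#endif

    if (!IN_MULTICAST(ntohl(mcastaddr->sin_addr.s_addr))) {
        /* %x takes an unsigned argument; ntohl() already yields one */
        fprintf(stderr, "qemu: error: specified mcastaddr \"%s\" (0x%08x) "
                "does not contain a multicast address\n",
                inet_ntoa(mcastaddr->sin_addr),
                (unsigned int)ntohl(mcastaddr->sin_addr.s_addr));
        return -1;
    }

    fd = qemu_socket(PF_INET, SOCK_DGRAM, 0);
    if (fd < 0) {
        perror("socket(PF_INET, SOCK_DGRAM)");
        return -1;
    }

    /* several processes may bind the same group:port */
    val = 1;
    ret = qemu_setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
    if (ret < 0) {
        perror("setsockopt(SOL_SOCKET, SO_REUSEADDR)");
        goto fail;
    }

    ret = bind(fd, (struct sockaddr *)mcastaddr, sizeof(*mcastaddr));
    if (ret < 0) {
        perror("bind");
        goto fail;
    }

    /* Add host to multicast group */
    imr.imr_multiaddr = mcastaddr->sin_addr;
    if (localaddr) {
        imr.imr_interface = *localaddr;
    } else {
        imr.imr_interface.s_addr = htonl(INADDR_ANY);
    }

    ret = qemu_setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &imr, sizeof(imr));
    if (ret < 0) {
        perror("setsockopt(IP_ADD_MEMBERSHIP)");
        goto fail;
    }

    /* Force mcast msgs to loopback (eg. several QEMUs in same host */
    loop = 1;
    ret = qemu_setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop));
    if (ret < 0) {
        perror("setsockopt(SOL_IP, IP_MULTICAST_LOOP)");
        goto fail;
    }

    /* If a bind address is given, only send packets from that address */
    if (localaddr != NULL) {
        ret = qemu_setsockopt(fd, IPPROTO_IP, IP_MULTICAST_IF,
                              localaddr, sizeof(*localaddr));
        if (ret < 0) {
            perror("setsockopt(IP_MULTICAST_IF)");
            goto fail;
        }
    }

    qemu_set_nonblock(fd);
    return fd;

fail:
    /* every goto fail follows a successful socket(), so fd is always open here */
    closesocket(fd);
    return -1;
}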
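/*
 * NetClientInfo.cleanup: release the data and listening sockets, detaching
 * their fd handlers first so the event loop never polls a closed fd.
 */
static void net_socket_cleanup(NetClientState *nc)
{
    NetSocketState *s = DO_UPCAST(NetSocketState, nc, nc);

    if (s->fd != -1) {
        net_socket_read_poll(s, false);
        net_socket_write_poll(s, false);
        /* closesocket(), like every other close path in this file, so the
         * Windows build releases a socket handle rather than a CRT fd */
        closesocket(s->fd);
        s->fd = -1;
    }
    if (s->listen_fd != -1) {
        qemu_set_fd_handler(s->listen_fd, NULL, NULL, NULL);
        closesocket(s->listen_fd);
        s->listen_fd = -1;
    }
}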
/* Client ops for datagram sockets (udp=, mcast=, and fd= of type SOCK_DGRAM). */
static NetClientInfo net_dgram_socket_info = {
    .type = NET_CLIENT_OPTIONS_KIND_SOCKET,
    .size = sizeof(NetSocketState),
    .receive = net_socket_receive_dgram,
    .cleanup = net_socket_cleanup,
};
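/*
 * Wrap an existing SOCK_DGRAM @fd as a net client.
 *
 * With @is_connected set the fd is assumed to be a bound multicast socket
 * handed over by another process: its bound address is read back with
 * getsockname(), becomes the datagram destination, and the fd is replaced
 * (via dup2) by a freshly created member socket so this process receives
 * its own copy of every datagram.
 *
 * Takes ownership of @fd; on failure it is closed and NULL is returned
 * after a diagnostic on stderr.
 */
static NetSocketState *net_socket_fd_init_dgram(NetClientState *peer,
                                                const char *model,
                                                const char *name,
                                                int fd, int is_connected)
{
    struct sockaddr_in saddr;
    int newfd;
    socklen_t saddr_len = sizeof(saddr); /* in/out argument of getsockname() */
    NetClientState *nc;
    NetSocketState *s;

    /* fd passed: multicast: "learn" dgram_dst address from bound address and save it
     * Because this may be "shared" socket from a "master" process, datagrams would be recv()
     * by ONLY ONE process: we must "clone" this dgram socket --jjo
     */

    if (is_connected) {
        if (getsockname(fd, (struct sockaddr *) &saddr, &saddr_len) == 0) {
            /* must be bound */
            if (saddr.sin_addr.s_addr == 0) {
                fprintf(stderr, "qemu: error: init_dgram: fd=%d unbound, "
                        "cannot setup multicast dst addr\n", fd);
                goto err;
            }
            /* clone dgram socket */
            newfd = net_socket_mcast_create(&saddr, NULL);
            if (newfd < 0) {
                /* error already reported by net_socket_mcast_create() */
                goto err;
            }
            /* clone newfd to fd, close newfd */
            if (dup2(newfd, fd) < 0) {
                fprintf(stderr,
                        "qemu: error: init_dgram: fd=%d failed dup2(): %s\n",
                        fd, strerror(errno));
                close(newfd);
                goto err;
            }
            close(newfd);
        } else {
            fprintf(stderr,
                    "qemu: error: init_dgram: fd=%d failed getsockname(): %s\n",
                    fd, strerror(errno));
            goto err;
        }
    }

    nc = qemu_new_net_client(&net_dgram_socket_info, peer, model, name);

    /* saddr is only filled in on the is_connected path; do not print it otherwise */
    if (is_connected) {
        snprintf(nc->info_str, sizeof(nc->info_str),
                 "socket: fd=%d (cloned mcast=%s:%d)",
                 fd, inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
    } else {
        snprintf(nc->info_str, sizeof(nc->info_str), "socket: fd=%d", fd);
    }

    s = DO_UPCAST(NetSocketState, nc, nc);

    s->fd = fd;
    s->listen_fd = -1;
    s->send_fn = net_socket_send_dgram;
    net_socket_read_poll(s, true);

    /* mcast: save bound address as dst */
    if (is_connected) {
        s->dgram_dst = saddr;
    }

    return s;

err:
    closesocket(fd);
    return NULL;
}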
/*
 * Called once a stream connection is established (directly for an already
 * connected fd, or as the write handler when connect() completed
 * asynchronously): install the stream receive routine and start reading.
 */
static void net_socket_connect(void *opaque)
{
    NetSocketState *sock = opaque;

    sock->send_fn = net_socket_send;
    net_socket_read_poll(sock, true);
}
/* Client ops for stream sockets (listen=, connect=, and fd= of type SOCK_STREAM). */
static NetClientInfo net_socket_info = {
    .type = NET_CLIENT_OPTIONS_KIND_SOCKET,
    .size = sizeof(NetSocketState),
    .receive = net_socket_receive,
    .cleanup = net_socket_cleanup,
};
/*
 * Wrap a SOCK_STREAM @fd as a net client. When @is_connected is false the
 * connect() is still in progress, so the fd's write handler is used to
 * learn when it completes before reading starts. Never fails.
 */
static NetSocketState *net_socket_fd_init_stream(NetClientState *peer,
                                                 const char *model,
                                                 const char *name,
                                                 int fd, int is_connected)
{
    NetClientState *nc = qemu_new_net_client(&net_socket_info, peer, model, name);
    NetSocketState *s = DO_UPCAST(NetSocketState, nc, nc);

    snprintf(nc->info_str, sizeof(nc->info_str), "socket: fd=%d", fd);

    s->fd = fd;
    s->listen_fd = -1;

    /* Disable Nagle algorithm on TCP sockets to reduce latency */
    socket_set_nodelay(fd);

    if (!is_connected) {
        /* writable == connect() finished; net_socket_connect then starts reading */
        qemu_set_fd_handler(s->fd, NULL, net_socket_connect, s);
    } else {
        net_socket_connect(s);
    }
    return s;
}
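/*
 * Wrap an already open socket @fd as a net client, dispatching on its
 * SO_TYPE: datagram sockets get the dgram client, stream sockets and
 * anything unrecognised (warned about) get the stream client.
 *
 * Ownership of @fd passes to the client; on failure the fd is closed and
 * NULL returned.
 */
static NetSocketState *net_socket_fd_init(NetClientState *peer,
                                          const char *model, const char *name,
                                          int fd, int is_connected)
{
    int so_type = -1;
    /* getsockopt() writes a socklen_t through this pointer; declare it as one
     * instead of casting an int's address */
    socklen_t optlen = sizeof(so_type);

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&so_type, &optlen) < 0) {
        fprintf(stderr, "qemu: error: getsockopt(SO_TYPE) for fd=%d failed\n",
                fd);
        closesocket(fd);
        return NULL;
    }
    switch (so_type) {
    case SOCK_DGRAM:
        return net_socket_fd_init_dgram(peer, model, name, fd, is_connected);
    case SOCK_STREAM:
        return net_socket_fd_init_stream(peer, model, name, fd, is_connected);
    default:
        /* who knows ... this could be a eg. a pty, do warn and continue as stream */
        fprintf(stderr, "qemu: warning: socket type=%d for fd=%d is not SOCK_DGRAM or SOCK_STREAM\n", so_type, fd);
        return net_socket_fd_init_stream(peer, model, name, fd, is_connected);
    }
}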
/*
 * Read handler on the listening fd: accept one connection, then stop
 * accepting until it ends (net_socket_send re-arms this handler on EOF),
 * and hand the new fd over to the stream receive path.
 */
static void net_socket_accept(void *opaque)
{
    NetSocketState *s = opaque;
    struct sockaddr_in saddr;
    socklen_t len;
    int fd;

    /* retry only when a signal interrupted accept() */
    do {
        len = sizeof(saddr);
        fd = qemu_accept(s->listen_fd, (struct sockaddr *)&saddr, &len);
    } while (fd < 0 && errno == EINTR);

    if (fd < 0) {
        return;
    }
    /* one live connection at a time */
    qemu_set_fd_handler(s->listen_fd, NULL, NULL, NULL);

    s->fd = fd;
    s->nc.link_down = false;
    net_socket_connect(s);
    snprintf(s->nc.info_str, sizeof(s->nc.info_str),
             "socket: connection from %s:%d",
             inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
}
/*
 * listen=host:port — create a non-blocking TCP listener and a net client
 * whose link stays down until net_socket_accept() receives a connection.
 * Returns 0 on success, -1 after a diagnostic on failure.
 */
static int net_socket_listen_init(NetClientState *peer,
                                  const char *model,
                                  const char *name,
                                  const char *host_str)
{
    NetClientState *nc;
    NetSocketState *s;
    struct sockaddr_in saddr;
    int fd;
    int val = 1;

    if (parse_host_port(&saddr, host_str) < 0) {
        return -1;
    }

    fd = qemu_socket(PF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        perror("socket");
        return -1;
    }
    qemu_set_nonblock(fd);

    /* allow fast reuse */
    qemu_setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));

    if (bind(fd, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
        perror("bind");
        goto fail;
    }
    if (listen(fd, 0) < 0) {
        perror("listen");
        goto fail;
    }

    nc = qemu_new_net_client(&net_socket_info, peer, model, name);
    s = DO_UPCAST(NetSocketState, nc, nc);
    s->fd = -1;
    s->listen_fd = fd;
    s->nc.link_down = true;

    qemu_set_fd_handler(s->listen_fd, net_socket_accept, NULL, s);
    return 0;

fail:
    closesocket(fd);
    return -1;
}
/*
 * connect=host:port — open a non-blocking TCP connection. If connect()
 * completes immediately the client starts reading at once; if it is still
 * in progress the stream client waits for the fd to become writable.
 * Returns 0 on success, -1 after a diagnostic on failure.
 */
static int net_socket_connect_init(NetClientState *peer,
                                   const char *model,
                                   const char *name,
                                   const char *host_str)
{
    NetSocketState *s;
    struct sockaddr_in saddr;
    int fd, err;
    int connected = 0;

    if (parse_host_port(&saddr, host_str) < 0) {
        return -1;
    }

    fd = qemu_socket(PF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        perror("socket");
        return -1;
    }
    qemu_set_nonblock(fd);

    for (;;) {
        if (connect(fd, (struct sockaddr *)&saddr, sizeof(saddr)) >= 0) {
            connected = 1;
            break;
        }
        err = socket_error();
        if (err == EINTR || err == EWOULDBLOCK) {
            continue; /* transient: retry */
        }
        if (err == EINPROGRESS) {
            break; /* completes asynchronously */
        }
#ifdef _WIN32
        if (err == WSAEALREADY || err == WSAEINVAL) {
            break;
        }
#endif
        perror("connect");
        closesocket(fd);
        return -1;
    }

    s = net_socket_fd_init(peer, model, name, fd, connected);
    if (!s) {
        return -1;
    }
    snprintf(s->nc.info_str, sizeof(s->nc.info_str),
             "socket: connect to %s:%d",
             inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
    return 0;
}
/*
 * mcast=group:port[,localaddr=addr] — join a multicast group and send all
 * frames to it. Returns 0 on success, -1 on failure (address parse errors
 * are silent; socket errors are reported by net_socket_mcast_create()).
 */
static int net_socket_mcast_init(NetClientState *peer,
                                 const char *model,
                                 const char *name,
                                 const char *host_str,
                                 const char *localaddr_str)
{
    NetSocketState *s;
    int fd;
    struct sockaddr_in saddr;
    struct in_addr localaddr;
    struct in_addr *param_localaddr = NULL;

    if (parse_host_port(&saddr, host_str) < 0) {
        return -1;
    }

    /* optional local interface for the membership and outgoing datagrams */
    if (localaddr_str) {
        if (!inet_aton(localaddr_str, &localaddr)) {
            return -1;
        }
        param_localaddr = &localaddr;
    }

    fd = net_socket_mcast_create(&saddr, param_localaddr);
    if (fd < 0) {
        return -1;
    }

    s = net_socket_fd_init(peer, model, name, fd, 0);
    if (!s) {
        return -1;
    }

    /* every outgoing frame is a datagram to the group address */
    s->dgram_dst = saddr;

    snprintf(s->nc.info_str, sizeof(s->nc.info_str),
             "socket: mcast=%s:%d",
             inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
    return 0;
}
/*
 * udp=rhost:rport,localaddr=lhost:lport — bind a UDP socket to @lhost and
 * send every frame to @rhost. Returns 0 on success, -1 after a diagnostic
 * (parse failures are silent) on error.
 */
static int net_socket_udp_init(NetClientState *peer,
                               const char *model,
                               const char *name,
                               const char *rhost,
                               const char *lhost)
{
    NetSocketState *s;
    int fd;
    int val = 1;
    struct sockaddr_in laddr, raddr;

    /* local address first, as before; either parse failure aborts */
    if (parse_host_port(&laddr, lhost) < 0 ||
        parse_host_port(&raddr, rhost) < 0) {
        return -1;
    }

    fd = qemu_socket(PF_INET, SOCK_DGRAM, 0);
    if (fd < 0) {
        perror("socket(PF_INET, SOCK_DGRAM)");
        return -1;
    }
    if (qemu_setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) < 0) {
        perror("setsockopt(SOL_SOCKET, SO_REUSEADDR)");
        goto fail;
    }
    if (bind(fd, (struct sockaddr *)&laddr, sizeof(laddr)) < 0) {
        perror("bind");
        goto fail;
    }
    qemu_set_nonblock(fd);

    s = net_socket_fd_init(peer, model, name, fd, 0);
    if (!s) {
        return -1;
    }

    s->dgram_dst = raddr;

    snprintf(s->nc.info_str, sizeof(s->nc.info_str),
             "socket: udp=%s:%d",
             inet_ntoa(raddr.sin_addr), ntohs(raddr.sin_port));
    return 0;

fail:
    closesocket(fd);
    return -1;
}
/*
 * Entry point for -netdev socket: validate that exactly one transport
 * option (fd=, listen=, connect=, mcast=, udp=) was given, check the
 * localaddr= constraints, then dispatch to the matching initialiser.
 * Returns 0 on success, -1 on error (reported via error_report() or by
 * the initialiser).
 */
int net_init_socket(const NetClientOptions *opts, const char *name,
                    NetClientState *peer)
{
    const NetdevSocketOptions *sock;
    int n_transports;

    assert(opts->kind == NET_CLIENT_OPTIONS_KIND_SOCKET);
    sock = opts->socket;

    n_transports = sock->has_fd + sock->has_listen + sock->has_connect +
                   sock->has_mcast + sock->has_udp;
    if (n_transports != 1) {
        error_report("exactly one of fd=, listen=, connect=, mcast= or udp="
                     " is required");
        return -1;
    }

    if (sock->has_localaddr && !sock->has_mcast && !sock->has_udp) {
        error_report("localaddr= is only valid with mcast= or udp=");
        return -1;
    }

    if (sock->has_fd) {
        int fd = monitor_handle_fd_param(cur_mon, sock->fd);

        if (fd == -1) {
            return -1;
        }
        qemu_set_nonblock(fd);
        return net_socket_fd_init(peer, "socket", name, fd, 1) ? 0 : -1;
    }

    /* each *_init below returns only 0 or -1 */
    if (sock->has_listen) {
        return net_socket_listen_init(peer, "socket", name, sock->listen);
    }

    if (sock->has_connect) {
        return net_socket_connect_init(peer, "socket", name, sock->connect);
    }

    if (sock->has_mcast) {
        /* if sock->localaddr is missing, it has been initialized to "all bits
         * zero" */
        return net_socket_mcast_init(peer, "socket", name, sock->mcast,
                                     sock->localaddr);
    }

    assert(sock->has_udp);
    if (!sock->has_localaddr) {
        error_report("localaddr= is mandatory with udp=");
        return -1;
    }
    return net_socket_udp_init(peer, "socket", name, sock->udp, sock->localaddr);
}