Bug Summary

File: slirp/misc.c
Location: line 318, column 24
Description: Pass-by-value argument in function call is undefined

Annotated Source Code

1/*
2 * Copyright (c) 1995 Danny Gasparovski.
3 *
4 * Please read the file COPYRIGHT for the
5 * terms and conditions of the copyright.
6 */
7
8#include <slirp.h>
9#include <libslirp.h>
10
11#include "monitor.h"
12
#ifdef DEBUG
/* Initial debug mask, only compiled in when DEBUG is defined. */
int slirp_debug = DBG_CALL | DBG_MISC | DBG_ERROR;
#endif
16
/*
 * Generic header for a doubly linked queue.  insque() and remque()
 * cast their void * arguments to this type, so any object passed to
 * them must begin with these two pointers.
 */
struct quehead {
    struct quehead *qh_link;    /* next element */
    struct quehead *qh_rlink;   /* previous element */
};
21
/*
 * Link element `a` into a doubly linked queue immediately after `b`.
 *
 * Both arguments are reinterpreted as struct quehead.  Neither pointer
 * is checked: `a`, `b` and b's current successor are all dereferenced.
 */
inline void
insque(void *a, void *b)
{
    struct quehead *node = a;
    struct quehead *prev = b;

    node->qh_link = prev->qh_link;
    prev->qh_link = node;
    node->qh_rlink = prev;
    /* Fix up the back pointer of the element that now follows `node`. */
    node->qh_link->qh_rlink = node;
}
33
/*
 * Unlink element `a` from the doubly linked queue it is on.
 *
 * Only qh_rlink is cleared afterwards; qh_link keeps pointing at the
 * former successor, so the removed element still holds a reference
 * into the queue.  `a` and both of its neighbours are dereferenced
 * without any check.
 */
inline void
remque(void *a)
{
    struct quehead *node = a;

    node->qh_link->qh_rlink = node->qh_rlink;
    node->qh_rlink->qh_link = node->qh_link;
    node->qh_rlink = NULL;
}
42
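/*
 * Prepend a new entry to the exec list at *ex_ptr.
 *
 * Returns -1 if an entry with the same address and port already exists
 * or if memory cannot be allocated, 0 on success.  The list is left
 * untouched on every failure path.
 *
 * When do_pty == 3 the `exec` pointer is stored as-is; for every other
 * value the string is duplicated with strdup().
 */
int add_exec(struct ex_list **ex_ptr, int do_pty, char *exec,
             struct in_addr addr, int port)
{
    struct ex_list *tmp_ptr;
    struct ex_list *new_ent;

    /* First, check if the port is "bound" */
    for (tmp_ptr = *ex_ptr; tmp_ptr; tmp_ptr = tmp_ptr->ex_next) {
        if (port == tmp_ptr->ex_fport &&
            addr.s_addr == tmp_ptr->ex_addr.s_addr) {
            return -1;
        }
    }

    /*
     * Build the entry completely before publishing it, so a failed
     * allocation can neither be dereferenced nor lose the old list head.
     */
    new_ent = malloc(sizeof(*new_ent));
    if (new_ent == NULL) {
        return -1;
    }

    if (do_pty == 3) {
        new_ent->ex_exec = exec;
    } else {
        new_ent->ex_exec = strdup(exec);
        if (new_ent->ex_exec == NULL) {
            free(new_ent);
            return -1;
        }
    }

    new_ent->ex_fport = port;
    new_ent->ex_addr = addr;
    new_ent->ex_pty = do_pty;
    new_ent->ex_next = *ex_ptr;
    *ex_ptr = new_ent;
    return 0;
}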
64
65#ifndef HAVE_STRERROR
66
67/*
68 * For systems with no strerror
69 */
70
71extern int sys_nerr;
72extern char *sys_errlist[];
73
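/*
 * Fallback strerror(): look the message up in sys_errlist.
 *
 * Any value outside 0 .. sys_nerr - 1 yields "Unknown error.".  The
 * lower bound matters as much as the upper one: a negative errno value
 * would otherwise index in front of the table.
 */
char *
strerror(int error)
{
    if (error >= 0 && error < sys_nerr) {
        return sys_errlist[error];
    }
    return "Unknown error.";
}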
83
84#endif
85
86
87#ifdef _WIN32
88
/*
 * Windows build: spawning a helper program is not implemented.
 * Always returns 0 and touches none of its arguments.
 */
int
fork_exec(struct socket *so, const char *ex, int do_pty)
{
    (void)so;
    (void)ex;
    (void)do_pty;

    /* not implemented */
    return 0;
}
95
96#else
97
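/*
 * XXX This is ugly
 * We create and bind a socket, then fork off to another
 * process, which connects to this socket, after which we
 * exec the wanted program. If something (strange) happens,
 * the accept() call could block us forever.
 *
 * do_pty = 0 Fork/exec inetd style
 * do_pty = 1 Fork/exec using slirp.telnetd
 * do_pty = 2 Fork/exec using pty (this version returns 0 at once)
 *
 * Returns 1 when the helper was started and so->s holds the accepted
 * connection, 0 on any failure.
 *
 * NOTE(review): the listener is bound to INADDR_ANY on an ephemeral
 * port while the child connects over loopback_addr, and accept() takes
 * the first peer without checking who it is.  Consider binding to the
 * loopback address only.
 */
int
fork_exec(struct socket *so, const char *ex, int do_pty)
{
    int s;
    struct sockaddr_in addr;
    socklen_t addrlen = sizeof(addr);
    int opt;
    const char *argv[256];
    /* keep the last slot free for the terminating NULL */
    const int max_args = (int)(sizeof(argv) / sizeof(argv[0])) - 1;
    /* don't want to clobber the original */
    char *bptr;
    const char *curarg;
    int c, i, ret;
    pid_t pid;

    DEBUG_CALL("fork_exec");
    DEBUG_ARG("so = %lx", (long)so);
    DEBUG_ARG("ex = %lx", (long)ex);
    DEBUG_ARG("do_pty = %lx", (long)do_pty);

    if (do_pty == 2) {
        return 0;
    } else {
        /* Clear the padding as well before handing addr to bind(). */
        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;
        addr.sin_port = 0;
        addr.sin_addr.s_addr = INADDR_ANY;

        if ((s = qemu_socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
            bind(s, (struct sockaddr *)&addr, addrlen) < 0 ||
            listen(s, 1) < 0) {
            lprint("Error: inet socket: %s\n", strerror(errno));
            /* s is negative when qemu_socket() itself failed. */
            if (s >= 0) {
                closesocket(s);
            }

            return 0;
        }
    }

    pid = fork();
    switch (pid) {
    case -1:
        lprint("Error: fork failed: %s\n", strerror(errno));
        close(s);
        return 0;

    case 0:
        setsid();

        /* Set the DISPLAY */
        getsockname(s, (struct sockaddr *)&addr, &addrlen);
        close(s);
        /*
         * Connect to the socket
         * XXX If any of these fail, we're in trouble!
         */
        s = qemu_socket(AF_INET, SOCK_STREAM, 0);
        addr.sin_addr = loopback_addr;
        do {
            ret = connect(s, (struct sockaddr *)&addr, addrlen);
        } while (ret < 0 && errno == EINTR);

        /* The socket becomes stdin, stdout and stderr of the helper. */
        dup2(s, 0);
        dup2(s, 1);
        dup2(s, 2);
        /* Drop every other inherited descriptor before exec. */
        for (s = getdtablesize() - 1; s >= 3; s--) {
            close(s);
        }

        i = 0;
        bptr = g_strdup(ex); /* No need to free() this */
        if (do_pty == 1) {
            /* Setup "slirp.telnetd -x" */
            argv[i++] = "slirp.telnetd";
            argv[i++] = "-x";
            argv[i++] = bptr;
        } else {
            do {
                /*
                 * Change the string into argv[].  Splitting is on single
                 * spaces only, so the number of words is bounded by the
                 * length of `ex`, not by the size of argv[]; stop before
                 * writing past the array.
                 */
                if (i >= max_args) {
                    fprintf(stderr, "Error: too many arguments in %s\n", ex);
                    exit(1);
                }
                curarg = bptr;
                while (*bptr != ' ' && *bptr != (char)0) {
                    bptr++;
                }
                c = *bptr;
                *bptr++ = (char)0;
                argv[i] = strdup(curarg);
                if (argv[i] == NULL) {
                    fprintf(stderr, "Error: out of memory building argv\n");
                    exit(1);
                }
                i++;
            } while (c);
        }

        argv[i] = NULL;
        execvp(argv[0], (char **)argv);

        /* Ooops, failed, let's tell the user why */
        fprintf(stderr, "Error: execvp of %s failed: %s\n",
                argv[0], strerror(errno));
        close(0); close(1); close(2); /* XXX */
        exit(1);

    default:
        qemu_add_child_watch(pid);
        /*
         * XXX this could block us...
         * XXX Should set a timer here, and if accept() doesn't
         * return after X seconds, declare it a failure
         * The only reason this will block forever is if socket()
         * or connect() fail in the child process
         */
        do {
            so->s = accept(s, (struct sockaddr *)&addr, &addrlen);
        } while (so->s < 0 && errno == EINTR);
        if (so->s < 0) {
            /* Report before closesocket() can overwrite errno. */
            lprint("Error: accept failed: %s\n", strerror(errno));
            closesocket(s);
            return 0;
        }
        closesocket(s);
        opt = 1;
        setsockopt(so->s, SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(int));
        opt = 1;
        setsockopt(so->s, SOL_SOCKET, SO_OOBINLINE, (char *)&opt, sizeof(int));
        socket_set_nonblock(so->s);

        /* Append the telnet options now */
        if (so->so_m != NULL && do_pty == 1) {
            sbappend(so, so->so_m);
            so->so_m = NULL;
        }

        return 1;
    }
}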
229#endif
230
231#ifndef HAVE_STRDUP
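/*
 * Fallback strdup(): return a malloc()ed copy of `str`, or NULL when
 * the allocation fails.  The caller owns the result and must free() it.
 */
char *
strdup(const char *str)
{
    size_t len = strlen(str) + 1;   /* include the terminating NUL */
    char *bptr = malloc(len);

    if (bptr == NULL) {
        return NULL;
    }
    memcpy(bptr, str, len);

    return bptr;
}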
243#endif
244
245#include "monitor.h"
246
/*
 * printf-style helper that forwards `format` and its arguments to
 * monitor_vprintf() on default_mon.
 *
 * `format` is interpreted as a format string, so callers must pass a
 * fixed string and put variable text in the arguments.
 */
void lprint(const char *format, ...)
{
    va_list ap;

    va_start(ap, format);
    monitor_vprintf(default_mon, format, ap);
    va_end(ap);
}
255
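/*
 * Sleep by calling select() with no descriptors and a timeout.
 *
 * The timeout is `usec` * 1000 microseconds, as before.  The product
 * is computed in a wider type and split into seconds and microseconds,
 * so large arguments no longer overflow int or produce an out-of-range
 * tv_usec.  Negative arguments are treated as zero.
 *
 * NOTE(review): despite the parameter name, the value is scaled by
 * 1000 before it is used as microseconds.  Confirm the intended unit
 * against the callers.
 */
void
u_sleep(int usec)
{
    struct timeval t;
    fd_set fdset;
    long long total_us = (long long)usec * 1000;

    FD_ZERO(&fdset);

    if (total_us < 0) {
        total_us = 0;
    }
    t.tv_sec = (time_t)(total_us / 1000000);
    t.tv_usec = (suseconds_t)(total_us % 1000000);

    /* nfds is 0, so the (empty) set is never examined. */
    select(0, &fdset, &fdset, &fdset, &t);
}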
269
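/*
 * Print one line per TCP, UDP and ICMP socket of `slirp` to monitor
 * `mon`: protocol and state, host fd, source address and port,
 * destination address and port, receive and send queue sizes.
 *
 * Static analyzer finding for this function (file line 318, column
 * 24): "Pass-by-value argument in function call is undefined" for
 * ntohs(src.sin_port) in the TCP loop.  The reported path enters the
 * loop, takes the SS_HOSTFWD branch and then the
 * SS_HOSTFWD | SS_INCOMING branch, where `src` is written only by
 * getsockname(), whose result is not checked.  `src` is now cleared
 * before each such call, so a failed getsockname() prints "*" and
 * port 0 instead of indeterminate stack contents.
 *
 * NOTE(review): runs of spaces inside the string literals below look
 * collapsed in this listing.  Compare them with the upstream file
 * before relying on the column alignment.
 */
void slirp_connection_info(Slirp *slirp, Monitor *mon)
{
    const char * const tcpstates[] = {
        [TCPS_CLOSED] = "CLOSED",
        [TCPS_LISTEN] = "LISTEN",
        [TCPS_SYN_SENT] = "SYN_SENT",
        [TCPS_SYN_RECEIVED] = "SYN_RCVD",
        [TCPS_ESTABLISHED] = "ESTABLISHED",
        [TCPS_CLOSE_WAIT] = "CLOSE_WAIT",
        [TCPS_FIN_WAIT_1] = "FIN_WAIT_1",
        [TCPS_CLOSING] = "CLOSING",
        [TCPS_LAST_ACK] = "LAST_ACK",
        [TCPS_FIN_WAIT_2] = "FIN_WAIT_2",
        [TCPS_TIME_WAIT] = "TIME_WAIT",
    };
    const size_t n_tcpstates = sizeof(tcpstates) / sizeof(tcpstates[0]);
    struct in_addr dst_addr;
    struct sockaddr_in src;
    socklen_t src_len;
    uint16_t dst_port;
    struct socket *so;
    const char *state;
    char buf[20];

    monitor_printf(mon, " Protocol[State] FD Source Address Port "
                        "Dest. Address Port RecvQ SendQ\n");

    for (so = slirp->tcb.so_next; so != &slirp->tcb; so = so->so_next) {
        if (so->so_state & SS_HOSTFWD) {
            state = "HOST_FORWARD";
        } else if (so->so_tcpcb) {
            /* Never index the name table with an out-of-range state. */
            int t_state = so->so_tcpcb->t_state;

            if (t_state >= 0 && (size_t)t_state < n_tcpstates &&
                tcpstates[t_state] != NULL) {
                state = tcpstates[t_state];
            } else {
                state = "UNKNOWN";
            }
        } else {
            state = "NONE";
        }
        if (so->so_state & (SS_HOSTFWD | SS_INCOMING)) {
            /* Defined contents even if getsockname() fails. */
            memset(&src, 0, sizeof(src));
            src_len = sizeof(src);
            getsockname(so->s, (struct sockaddr *)&src, &src_len);
            dst_addr = so->so_laddr;
            dst_port = so->so_lport;
        } else {
            src.sin_addr = so->so_laddr;
            src.sin_port = so->so_lport;
            dst_addr = so->so_faddr;
            dst_port = so->so_fport;
        }
        snprintf(buf, sizeof(buf), " TCP[%s]", state);
        /*
         * Two separate prints: inet_ntoa() returns a static buffer, so
         * its result must be consumed before the next call.
         */
        monitor_printf(mon, "%-19s %3d %15s %5d ", buf, so->s,
                       src.sin_addr.s_addr ? inet_ntoa(src.sin_addr) : "*",
                       ntohs(src.sin_port));
        monitor_printf(mon, "%15s %5d %5d %5d\n",
                       inet_ntoa(dst_addr), ntohs(dst_port),
                       so->so_rcv.sb_cc, so->so_snd.sb_cc);
    }

    for (so = slirp->udb.so_next; so != &slirp->udb; so = so->so_next) {
        if (so->so_state & SS_HOSTFWD) {
            snprintf(buf, sizeof(buf), " UDP[HOST_FORWARD]");
            /* Same unchecked getsockname() pattern as the TCP loop. */
            memset(&src, 0, sizeof(src));
            src_len = sizeof(src);
            getsockname(so->s, (struct sockaddr *)&src, &src_len);
            dst_addr = so->so_laddr;
            dst_port = so->so_lport;
        } else {
            snprintf(buf, sizeof(buf), " UDP[%d sec]",
                     (so->so_expire - curtime) / 1000);
            src.sin_addr = so->so_laddr;
            src.sin_port = so->so_lport;
            dst_addr = so->so_faddr;
            dst_port = so->so_fport;
        }
        monitor_printf(mon, "%-19s %3d %15s %5d ", buf, so->s,
                       src.sin_addr.s_addr ? inet_ntoa(src.sin_addr) : "*",
                       ntohs(src.sin_port));
        monitor_printf(mon, "%15s %5d %5d %5d\n",
                       inet_ntoa(dst_addr), ntohs(dst_port),
                       so->so_rcv.sb_cc, so->so_snd.sb_cc);
    }

    for (so = slirp->icmp.so_next; so != &slirp->icmp; so = so->so_next) {
        snprintf(buf, sizeof(buf), " ICMP[%d sec]",
                 (so->so_expire - curtime) / 1000);
        /* Only the address is used here; no port is printed for ICMP. */
        src.sin_addr = so->so_laddr;
        dst_addr = so->so_faddr;
        monitor_printf(mon, "%-19s %3d %15s - ", buf, so->s,
                       src.sin_addr.s_addr ? inet_ntoa(src.sin_addr) : "*");
        monitor_printf(mon, "%15s - %5d %5d\n", inet_ntoa(dst_addr),
                       so->so_rcv.sb_cc, so->so_snd.sb_cc);
    }
}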