Thomas Huth [Mon, 16 May 2022 09:04:10 +0000 (11:04 +0200)] 
src/slirp.h: Bump the minimum Windows version to Windows 7
Windows Vista is not supported by its vendor anymore. Additionally,
glib uses 0x0601 as setting for _WIN32_WINNT since version 2.53.6
already, so unless libslirp is used with a very old version of glib,
we are depending on Windows 7 anyway.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <
20220516090410.39727-1-thuth@redhat.com>
Samuel Thibault [Wed, 11 May 2022 23:26:32 +0000 (23:26 +0000)] 
Merge branch 'iana' into 'master'
ncsi: Add basic Get Version ID response
See merge request slirp/libslirp!122
Peter Delevoryas [Fri, 3 Dec 2021 05:20:56 +0000 (21:20 -0800)] 
ncsi: Add Get Version ID command
Get Version ID is one of the first commands used in NC-SI, because BMC's
use a lot of OEM NC-SI extensions, and you need to query the device's
manufacturer through Get Version ID before you can decide which OEM
NC-SI extensions to use.
The response format is documented in the NC-SI spec[1]. We're just
setting the NC-SI version supported to 1.0.0 (BCD-encoded[2]) and
returning the manufacturer's ID in network byte-order.
[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0222_1.0.0.pdf
[2] https://en.wikipedia.org/wiki/Binary-coded_decimal
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Peter Delevoryas [Fri, 3 Dec 2021 05:13:39 +0000 (21:13 -0800)]
ncsi: Pass Slirp structure to response handlers
This will let us use Slirp fields to generate more interesting NC-SI
responses.
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Peter Delevoryas [Thu, 2 Dec 2021 07:54:04 +0000 (23:54 -0800)]
slirp: Add manufacturer's ID
The manufacturer's ID is used in NC-SI commands such as "Get Version ID"
[1]. It is also essential to providing a path towards adding OEM
(non-standardized) NC-SI commands.
This field should be derived from the IANA Private Enterprise Numbers list,
per the NC-SI specification. It may be useful for things besides NC-SI, but
NC-SI responses for BMC's in QEMU are the main use case I have in mind.
Note: I did not add this attribute to slirp_init, since it is deprecated.
[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0222_1.0.0.pdf
[2] https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Samuel Thibault [Sun, 8 May 2022 16:21:32 +0000 (16:21 +0000)]
Merge branch 'haiku' into 'master'
Add support for Haiku to meson.build
See merge request slirp/libslirp!123
Ivan Holmes [Sun, 8 May 2022 16:14:29 +0000 (17:14 +0100)] 
Add support for Haiku to meson.build
Samuel Thibault [Wed, 4 May 2022 22:12:29 +0000 (22:12 +0000)]
Merge branch 'warnings' into 'master'
win32: declare some local functions as static
See merge request slirp/libslirp!121
Paolo Bonzini [Wed, 4 May 2022 21:53:55 +0000 (23:53 +0200)] 
meson: add extra warnings
Enable extra warnings based no what QEMU uses.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 4 May 2022 21:54:29 +0000 (23:54 +0200)]
win32: declare some local functions as static
These functions do not have a prototype and are not meant to be public.
Declare them as static.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Samuel Thibault [Mon, 2 May 2022 06:41:17 +0000 (06:41 +0000)]
Merge branch 'inet6_bsd' into 'master'
Include <sys/socket.h> and <arpa/inet.h> for AF_INET6 and inet_pton
Closes #58
See merge request slirp/libslirp!120
Samuel Thibault [Sun, 1 May 2022 18:36:15 +0000 (20:36 +0200)]
Include <sys/socket.h> and <arpa/inet.h> for AF_INET6 and inet_pton
Fixes #58
Marc-André Lureau [Wed, 27 Apr 2022 07:04:21 +0000 (07:04 +0000)] 
Merge branch '4.7' into 'master'
Release v4.7.0
See merge request slirp/libslirp!119
Marc-André Lureau [Tue, 26 Apr 2022 09:50:57 +0000 (13:50 +0400)] 
Release v4.7.0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Mon, 25 Apr 2022 08:36:12 +0000 (08:36 +0000)]
Merge branch 'opaque-timer' into 'master'
Support for CFI
See merge request slirp/libslirp!117
Paolo Bonzini [Mon, 11 Apr 2022 07:18:54 +0000 (09:18 +0200)]
bump ABI version and age
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 11 Apr 2022 10:24:58 +0000 (12:24 +0200)]
slirp: invoke client callback before creating timers
The introduction of .timer_new_opaque adds an interesting conundrum.
The Slirp* needs to be stored in .timer_new_opaque so that it can be
passed back to slirp_handle_timer, but it is not returned by slirp_new
and slirp_init until after the first call to .timer_new_opaque (which
is in ip6_init). This is a problem for programs that, like QEMU, use
more than one Slirp*.
Fix them by passing the Slirp* to a callback before slirp_new returns,
and initializing the timer afterwards.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Sun, 10 Apr 2022 13:53:43 +0000 (15:53 +0200)]
pingtest: port to timer_new_opaque
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 28 Jul 2021 15:16:06 +0000 (17:16 +0200)]
introduce timer_new_opaque callback
Add a new callback that supports CFI better by avoiding having function pointers
in the external libslirp API. Instead, the new API passes an opaque integer
and requests the application to call a new libslirp function when the timer
expires.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 28 Jul 2021 15:09:19 +0000 (17:09 +0200)]
introduce slirp_timer_new wrapper
In order to support CFI, we would like to avoid passing function pointers out of
libslirp, and instead use opaque integers for the timer callbacks. This patch
introduces an internal API for creating a timer that is based on such a timer
callback.
For now, it receives the id (SLIRP_TIMER_RA is the only one) and calls
slirp->cb->timer_new. The prototype of ra_timer_handler is changed slightly
to fit better with the next patch which introduces a new libslirp function,
to be called on timer expiration.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 28 Jul 2021 15:03:33 +0000 (17:03 +0200)]
icmp6: make ndp_send_ra static
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Samuel Thibault [Sun, 20 Mar 2022 21:02:23 +0000 (22:02 +0100)]
Add sanitizers CI runs
Samuel Thibault [Fri, 4 Mar 2022 18:27:14 +0000 (18:27 +0000)]
Merge branch 'handle-econnaborted' into 'master'
Handle ECONNABORTED from recv
See merge request slirp/libslirp!116
Rich [Fri, 4 Mar 2022 18:17:35 +0000 (18:17 +0000)] 
socket: Handle ECONNABORTED from recv
recv can return ECONNABORTED due to a time-out on the socket. The socket is no longer useable once it enters this state.
Samuel Thibault [Thu, 17 Feb 2022 12:00:28 +0000 (12:00 +0000)]
Merge branch 'bootp-has-prefix' into 'master'
bootp: fix g_str_has_prefix warning/critical
See merge request slirp/libslirp!115
Marc-André Lureau [Thu, 17 Feb 2022 08:07:43 +0000 (12:07 +0400)]
bootp: fix g_str_has_prefix warning/critical
Fixes: commit
60535013c3e ("bootp: add support for UEFI HTTP boot")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Brett Nash [Thu, 10 Feb 2022 19:02:22 +0000 (11:02 -0800)] 
slirp: Don't duplicate packet in tcp_reass
When debug is enabled, we duplicate the packet in tcp_reass, but ti is still
pointing to the old buffer, resulting in a use after free.
This makes valgrind debugging a little trickier, but makes it
crash a lot less.
Signed-off-by: Brett Nash <nash@fb.com>
Brett Nash [Thu, 10 Feb 2022 19:14:13 +0000 (11:14 -0800)]
Rename insque/remque -> slirp_[ins|rem]que
Avoid a macro translation when not needed, and potentially doing really
weird things to headers.
Marc-André Lureau [Thu, 10 Feb 2022 22:25:37 +0000 (22:25 +0000)]
Merge branch 'debug-fix' into 'master'
mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG
See merge request slirp/libslirp!114
Brett Nash [Thu, 10 Feb 2022 21:46:04 +0000 (21:46 +0000)]
mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG
DEBUG is set by a number of IDEs and development environments (*cough*
xcode *cough*). This means we use mbuf duplication when we don't need
(or expect) it. Change the name to SLIRP_DEBUG to enable this feature.
Signed-off-by: Pablo Fiori <pablofiori@fb.com>
Signed-off-by: Brett Nash <nash@fb.com>
Marc-André Lureau [Wed, 9 Feb 2022 18:15:08 +0000 (22:15 +0400)]
Replace inet_ntoa() with safer inet_ntop()
inet_ntoa() returns a static pointer which is subject to safety issues.
Use the recommended alternative.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Samuel Thibault [Wed, 2 Feb 2022 11:58:14 +0000 (11:58 +0000)]
Merge branch 'libslirp-vmsend' into 'master'
Add VMS_END marker
See merge request slirp/libslirp!112
Dr. David Alan Gilbert [Wed, 2 Feb 2022 10:59:10 +0000 (10:59 +0000)] 
Add VMS_END marker
The migration VMSTATE_END_OF_LIST marker relies on a NULL field
to mark th eend of a list; that's a bit delicate when the marker is
forgotten and the code hits a NULL by luck.
Use an explicit flag to mark the end as well.
See: https://lists.gnu.org/archive/html/qemu-devel/2022-01/msg03025.html
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Samuel Thibault [Tue, 25 Jan 2022 23:41:06 +0000 (23:41 +0000)]
Merge branch 'vendor-class-id' into 'master'
bootp: add support for UEFI HTTP boot
See merge request slirp/libslirp!111
Ignat Korchagin [Tue, 25 Jan 2022 23:10:08 +0000 (23:10 +0000)] 
bootp: add support for UEFI HTTP boot
Current bootp implementation is only one step away from supporting UEFI HTTP
boot in QEMU. The only missing bit is that the UEFI specification [1] requires
a vendor class identifier option (num 60) set to "HTTPClient" string present
in the DHCP response.
OVMF [2] indeed ignores the DHCP response and considers UEFI HTTP boot as
failed, if this option is not present.
With this change one would be able to configure QEMU user networking like
below:
$ qemu ... -nic user,tftp=tftp-root,bootfile=http://10.0.2.2/ipxe.efi
and boot the VM using UEFI HTTP boot instead of TFTP.
[1]: https://uefi.org/sites/default/files/resources/UEFI_Spec_2_9_2021_03_18.pdf
[2]: https://github.com/tianocore/edk2/tree/
5302bd81d9ba0c9e7f2371a81c438ec919ec8e1e/OvmfPkg
Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Samuel Thibault [Mon, 24 Jan 2022 21:28:19 +0000 (21:28 +0000)]
Merge branch 'dns6' into 'master'
IPv6 DNS proxying support
Closes #55
See merge request slirp/libslirp!110
Noah [Mon, 24 Jan 2022 21:28:19 +0000 (21:28 +0000)] 
IPv6 DNS proxying support
Samuel Thibault [Sun, 23 Jan 2022 21:34:41 +0000 (22:34 +0100)]
Add missing scope_id in caching
Samuel Thibault [Sun, 12 Dec 2021 01:04:04 +0000 (02:04 +0100)]
Drop fixed TODO
Samuel Thibault [Sun, 12 Dec 2021 01:03:37 +0000 (01:03 +0000)]
Merge branch 'hostfwd-unix' into 'master'
Support Unix sockets in hostfwd
See merge request slirp/libslirp!103
Nicholas Ngai [Tue, 30 Nov 2021 16:48:46 +0000 (08:48 -0800)] 
socket: Move closesocket(so->s_aux) to sofree
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Nicholas Ngai [Tue, 30 Nov 2021 00:30:33 +0000 (16:30 -0800)]
socket: Check so_type instead of so_tcpcb for Unix-to-inet translation
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Nicholas Ngai [Tue, 30 Nov 2021 00:22:00 +0000 (16:22 -0800)]
Merge branch 'master' into hostfwd-unix
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Nicholas Ngai [Tue, 30 Nov 2021 00:21:17 +0000 (16:21 -0800)]
socket: Add s_aux field to struct socket for storing auxilliary socket
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Samuel Thibault [Tue, 30 Nov 2021 00:00:45 +0000 (00:00 +0000)]
Merge branch 'init-so-type' into 'master'
socket: Initialize so_type in socreate
See merge request slirp/libslirp!109
Nicholas Ngai [Mon, 29 Nov 2021 23:54:20 +0000 (15:54 -0800)]
socket: Initialize so_type in socreate
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Nicholas Ngai [Sat, 27 Nov 2021 22:22:42 +0000 (14:22 -0800)]
socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Samuel Thibault [Sat, 20 Nov 2021 10:20:14 +0000 (10:20 +0000)]
Merge branch 'disable-dhcp' into 'master'
Allow to disable internal DHCP server
See merge request slirp/libslirp!22
Rafael Gieschke [Thu, 18 Nov 2021 21:43:12 +0000 (22:43 +0100)] 
Allow to disable internal DHCP server
Setting `cfg->disable_dhcp` to `true` will disable the internal DHCP server.
Signed-off-by: Rafael Gieschke <rafael@gieschke.de>
Samuel Thibault [Thu, 11 Nov 2021 23:48:41 +0000 (23:48 +0000)]
Merge branch 'pingtest' into 'master'
pingtest: Add a trivial ping test
See merge request slirp/libslirp!91
Samuel Thibault [Thu, 11 Nov 2021 23:48:06 +0000 (23:48 +0000)]
Merge branch 'icmp_raw' into 'master'
icmp: Support falling back on trying a SOCK_RAW socket
See merge request slirp/libslirp!92
Samuel Thibault [Thu, 11 Nov 2021 23:29:51 +0000 (00:29 +0100)]
slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two
Samuel Thibault [Mon, 8 Nov 2021 19:49:58 +0000 (19:49 +0000)]
Merge branch 'ci-slirp4netns' into 'master'
CI: run integration tests with slirp4netns
Closes #50
See merge request slirp/libslirp!107
Akihiro Suda [Mon, 8 Nov 2021 08:28:20 +0000 (17:28 +0900)] 
CI: run integration tests with slirp4netns
Fix issue 50
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Nicholas Ngai [Wed, 13 Oct 2021 00:55:30 +0000 (17:55 -0700)]
socket: Check address family for Unix-to-inet accept translation
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Nicholas Ngai [Wed, 13 Oct 2021 00:47:39 +0000 (17:47 -0700)]
socket: Add debug args for tcpx_listen (inet and Unix sockets)
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Nicholas Ngai [Tue, 12 Oct 2021 23:57:27 +0000 (16:57 -0700)]
socket: Restore original definition of fhost
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Nicholas Ngai [Tue, 12 Oct 2021 23:57:03 +0000 (16:57 -0700)]
socket: Move <sys/un.h> include to socket.h
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
Samuel Thibault [Thu, 7 Oct 2021 19:56:15 +0000 (19:56 +0000)]
Merge branch 'master' into 'master'
resolv: fix IPv6 resolution on Darwin
See merge request slirp/libslirp!104
Nicholas Ngai [Mon, 27 Sep 2021 21:21:45 +0000 (14:21 -0700)]
Support Unix sockets in hostfwd
QEMU has an issue open
(https://gitlab.com/qemu-project/qemu/-/issues/347) to forward a Unix
domain socket to guest TCP port. Both of these protocols support stream
modes of operation (and user-mode networking can only access the stream
anyway), so this patch enables Unix-to-TCP hostfwds.
Like with localhost hostfwds, the sotranslate_accept function will
translate a Unix domain socket connection to a TCP connection
originating from vhost_addr and a randomized ephemeral port.
Signed-off-by: Nicholas Ngai <nicholas@ngai.me>
osy [Sun, 26 Sep 2021 22:36:00 +0000 (15:36 -0700)] 
resolv: fix IPv6 resolution on Darwin
res_sockaddr_union() has a field for IPv4 and a field for IPv6. When we
used `&servers[i].sin.sin_addr`, it does not return the right address
for IPv6.
Samuel Thibault [Sat, 18 Sep 2021 19:11:01 +0000 (21:11 +0200)]
Use the exact sockaddr size in getnameinfo call
On NetBSD, the sockaddr size passed to getnameinfo must match the
family.
(reworked from the patch suggestion from Yorick Hardy)
Fixes #52
Samuel Thibault [Tue, 14 Sep 2021 20:29:57 +0000 (20:29 +0000)]
Merge branch 'sin6_scope_fix' into 'master'
Initialize sin6_scope_id to zero
See merge request slirp/libslirp!102
Saar Gross [Tue, 14 Sep 2021 01:41:42 +0000 (18:41 -0700)] 
Initialize sin6_scope_id to zero
sin6_scope_id is not explicitly set to zero in tcp_input() which should be OK
for global IPv6 addresses, but seems to fail on Mac OS: if sin6_scope_id ends up
with a value other than zero for global addresses, connect() will fail with "No
route to host".
Tested on Mac OS v11.5.2 but might be an issue on other versions as well.
Signed-off-by: Saar Gross <saar@fb.com>
Signed-off-by: Mohan Kumar Kumar <mohankm@fb.com>
Samuel Thibault [Sat, 4 Sep 2021 23:50:18 +0000 (01:50 +0200)]
slirp_socketpair_with_oob: Connect pair through 127.0.0.1
We do not need the socket to be exposed outside the localhost, and this
reduces the attack surface.
Suggested-by: Akihiro Suda <suda.kyoto@gmail.com>
Marc-André Lureau [Tue, 24 Aug 2021 08:24:28 +0000 (08:24 +0000)]
Merge branch 'libresolv-leak-fix' into 'master'
resolv: fix memory leak when using libresolv
See merge request slirp/libslirp!100
osy [Tue, 24 Aug 2021 02:57:38 +0000 (19:57 -0700)]
resolv: fix memory leak when using libresolv
Samuel Thibault [Mon, 5 Jul 2021 20:31:34 +0000 (20:31 +0000)]
Merge branch 'master' into 'master'
Haiku: proper path to resolv.conf for DNS server
See merge request slirp/libslirp!99
Richard Zak [Mon, 5 Jul 2021 20:31:34 +0000 (20:31 +0000)] 
Haiku: proper path to resolv.conf for DNS server
Samuel Thibault [Sun, 4 Jul 2021 08:59:31 +0000 (08:59 +0000)]
Merge branch 'master' into 'master'
Fix for Haiku
See merge request slirp/libslirp!98
Richard Zak [Sat, 3 Jul 2021 17:17:12 +0000 (13:17 -0400)]
Fix for Haiku
Marc-André Lureau [Mon, 21 Jun 2021 07:40:39 +0000 (07:40 +0000)]
Merge branch 'dhcp-fix' into 'master'
dhcp: Always send DHCP_OPT_LEN bytes in options
Closes #51
See merge request slirp/libslirp!97
Samuel Thibault [Mon, 21 Jun 2021 06:38:32 +0000 (08:38 +0200)]
dhcp: Always send DHCP_OPT_LEN bytes in options
RFC2131 suggests that the options field may be at least 312 bytes.
Some DHCP clients seem to assume that it has to be at least 312 bytes.
Fixes #51
Fixes:
f13cad45b25d92760bb0ad67bec0300a4d7d5275 ("bootp: limit
vendor-specific area to input packet memory buffer")
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Marc-André Lureau [Fri, 18 Jun 2021 08:27:53 +0000 (08:27 +0000)]
Merge branch '4.6.1' into 'master'
Release v4.6.1
See merge request slirp/libslirp!96
Marc-André Lureau [Fri, 18 Jun 2021 07:47:56 +0000 (11:47 +0400)]
Release v4.6.1
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Fri, 18 Jun 2021 07:43:21 +0000 (07:43 +0000)]
Merge branch 'fix-48' into 'master'
Fix "DHCP broken in libslirp v4.6.0"
Closes #48
See merge request slirp/libslirp!95
Akihiro Suda [Thu, 17 Jun 2021 09:01:32 +0000 (18:01 +0900)]
Fix "DHCP broken in libslirp v4.6.0"
Fix issue 48
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Marc-André Lureau [Mon, 14 Jun 2021 10:56:33 +0000 (14:56 +0400)]
build-sys: forgot to bump version to 4.6.0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Wed, 19 May 2021 10:11:08 +0000 (14:11 +0400)]
changelog: post-release
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Mon, 14 Jun 2021 10:47:04 +0000 (10:47 +0000)]
Merge branch '4.6.0' into 'master'
Release v4.6.0
See merge request slirp/libslirp!94
Marc-André Lureau [Mon, 14 Jun 2021 10:08:17 +0000 (14:08 +0400)]
Release v4.6.0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Mon, 14 Jun 2021 10:03:55 +0000 (14:03 +0400)]
Merge remote-tracking branch 'libslirp-private/mtod2'
See merge request slirp/libslirp-private!1
Marc-André Lureau [Fri, 4 Jun 2021 12:40:23 +0000 (16:40 +0400)]
udp: check upd_input buffer size
Fixes: CVE-2021-3594
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/47
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Fri, 4 Jun 2021 16:01:20 +0000 (20:01 +0400)]
tftp: introduce a header structure
Instead of using a composed structure and potentially reading past the
incoming buffer, use a different structure for the header.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Fri, 4 Jun 2021 12:34:30 +0000 (16:34 +0400)]
tftp: check tftp_input buffer size
Fixes: CVE-2021-3595
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Fri, 4 Jun 2021 12:32:55 +0000 (16:32 +0400)]
upd6: check udp6_input buffer size
Fixes: CVE-2021-3593
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Fri, 4 Jun 2021 12:15:14 +0000 (16:15 +0400)]
bootp: check bootp_input buffer size
Fixes: CVE-2021-3592
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Fri, 4 Jun 2021 15:25:28 +0000 (19:25 +0400)]
bootp: limit vendor-specific area to input packet memory buffer
sizeof(bootp_t) currently holds DHCP_OPT_LEN. Remove this optional field
from the structure, to help with the following patch checking for
minimal header size. Modify the bootp_reply() function to take the
buffer boundaries and avoiding potential buffer overflow.
Related to CVE-2021-3592.
https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Fri, 4 Jun 2021 11:58:25 +0000 (15:58 +0400)]
Add mtod_check()
Recent security issues demonstrate the lack of safety care when casting
a mbuf to a particular structure type. At least, it should check that
the buffer is large enough. The following patches will make use of this
function.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Tue, 8 Jun 2021 12:45:08 +0000 (12:45 +0000)]
Merge branch 'revert-72' into 'master'
Revert "Set macOS deployment target to macOS 10.4"
See merge request slirp/libslirp!93
Marc-André Lureau [Tue, 8 Jun 2021 12:16:09 +0000 (16:16 +0400)]
Revert "Set macOS deployment target to macOS 10.4"
This reverts commit
410e296a52fb274648f8ecf53561eaab4b33c52c (slirp/libslirp!72), as it
causes extra compilation warnings when linking with libraries using a
different version.
Instead, the builder can set CFLAGS manually.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Samuel Thibault [Sun, 6 Jun 2021 20:43:07 +0000 (22:43 +0200)]
pingtest: Add a trivial ping test
This is a simple working example.
Fixes #30
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Mon, 7 Jun 2021 01:05:25 +0000 (03:05 +0200)]
icmp: Support falling back on trying a SOCK_RAW socket
This allows pings provided that the process is running as root (or has some
capability to create raw sockets).
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Sun, 6 Jun 2021 23:22:27 +0000 (01:22 +0200)]
poll_fd: add missing fd registration for UDP and ICMP
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Sun, 6 Jun 2021 22:04:23 +0000 (00:04 +0200)]
icmp: Document the use of UDP echo service
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Sun, 6 Jun 2021 21:25:09 +0000 (23:25 +0200)]
mbuf: Avoid warning
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Sun, 6 Jun 2021 20:43:07 +0000 (22:43 +0200)]
timer_mod: explicit that expire_time is in ms, not ns
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Sun, 6 Jun 2021 15:07:47 +0000 (15:07 +0000)]
Merge branch 'valgrind' into 'master'
mbuf: Add debugging helpers for allocation
See merge request slirp/libslirp!90
Samuel Thibault [Sun, 6 Jun 2021 14:38:14 +0000 (16:38 +0200)]
mbuf: Add debugging helpers for allocation
This adds a few helpers for debugging mbuf allocations when running in
debugging mode (lsan, valgrind, etc.)
- We do not want to cache allocations, so always set M_DOFREE to prevent
us from putting any mbuf in it.
- We want to update the mbuf allocation owner on function call for more
precise leak reporting.
Based on Jeremy Marchand's fuzzing work.
Signed-off-by: jeremy marchand <jeremy.marchand@etu.u-bordeaux.fr>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Sun, 6 Jun 2021 14:35:29 +0000 (16:35 +0200)]
Check that we have the expected room before m_data
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
git://git.qemu.org / libslirp.git / log
