scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
[qemu.git] / util / qemu-openpty.c
1 /*
2 * qemu-openpty.c
3 *
4 * Copyright (c) 2003-2008 Fabrice Bellard
5 * Copyright (c) 2010 Red Hat, Inc.
6 *
7 * Wrapper function qemu_openpty() implementation.
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining a copy
10 * of this software and associated documentation files (the "Software"), to deal
11 * in the Software without restriction, including without limitation the rights
12 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13 * copies of the Software, and to permit persons to whom the Software is
14 * furnished to do so, subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be included in
17 * all copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 * THE SOFTWARE.
26 */
27
28 /*
29 * This is not part of oslib-posix.c because this function
30 * uses openpty() which often in -lutil, and if we add this
31 * dependency to oslib-posix.o, every app will have to be
32 * linked with -lutil.
33 */
34
35 #include "qemu/osdep.h"
36 #include "qemu-common.h"
37
38 #if defined(__GLIBC__)
39 # include <pty.h>
40 #elif defined CONFIG_BSD
41 # include <termios.h>
42 # if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
43 # include <libutil.h>
44 # else
45 # include <util.h>
46 # endif
47 #elif defined CONFIG_SOLARIS
48 # include <termios.h>
49 # include <stropts.h>
50 #else
51 # include <termios.h>
52 #endif
53
54 #ifdef __sun__
55 /* Once Solaris has openpty(), this is going to be removed. */
56 static int openpty(int *amaster, int *aslave, char *name,
57 struct termios *termp, struct winsize *winp)
58 {
59 const char *slave;
60 int mfd = -1, sfd = -1;
61
62 *amaster = *aslave = -1;
63
64 mfd = open("/dev/ptmx", O_RDWR | O_NOCTTY);
65 if (mfd < 0)
66 goto err;
67
68 if (grantpt(mfd) == -1 || unlockpt(mfd) == -1)
69 goto err;
70
71 if ((slave = ptsname(mfd)) == NULL)
72 goto err;
73
74 if ((sfd = open(slave, O_RDONLY | O_NOCTTY)) == -1)
75 goto err;
76
77 if (ioctl(sfd, I_PUSH, "ptem") == -1 ||
78 (termp != NULL && tcgetattr(sfd, termp) < 0))
79 goto err;
80
81 if (amaster)
82 *amaster = mfd;
83 if (aslave)
84 *aslave = sfd;
85 if (winp)
86 ioctl(sfd, TIOCSWINSZ, winp);
87
88 return 0;
89
90 err:
91 if (sfd != -1)
92 close(sfd);
93 close(mfd);
94 return -1;
95 }
96
97 static void cfmakeraw (struct termios *termios_p)
98 {
99 termios_p->c_iflag &=
100 ~(IGNBRK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON);
101 termios_p->c_oflag &= ~OPOST;
102 termios_p->c_lflag &= ~(ECHO|ECHONL|ICANON|ISIG|IEXTEN);
103 termios_p->c_cflag &= ~(CSIZE|PARENB);
104 termios_p->c_cflag |= CS8;
105
106 termios_p->c_cc[VMIN] = 0;
107 termios_p->c_cc[VTIME] = 0;
108 }
109 #endif
110
111 int qemu_openpty_raw(int *aslave, char *pty_name)
112 {
113 int amaster;
114 struct termios tty;
115 #if defined(__OpenBSD__) || defined(__DragonFly__)
116 char pty_buf[PATH_MAX];
117 #define q_ptsname(x) pty_buf
118 #else
119 char *pty_buf = NULL;
120 #define q_ptsname(x) ptsname(x)
121 #endif
122
123 if (openpty(&amaster, aslave, pty_buf, NULL, NULL) < 0) {
124 return -1;
125 }
126
127 /* Set raw attributes on the pty. */
128 tcgetattr(*aslave, &tty);
129 cfmakeraw(&tty);
130 tcsetattr(*aslave, TCSAFLUSH, &tty);
131
132 if (pty_name) {
133 strcpy(pty_name, q_ptsname(amaster));
134 }
135
136 return amaster;
137 }