From: Eduardo Otubo Date: Fri, 29 Sep 2017 12:03:39 +0000 (+0200) Subject: filter-mirror: segfault when specifying non existent device X-Git-Tag: v2.11.0-rc0~46^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa1530dec499f7525d2ccaa0e3a876dc8089ed1e;p=thirdparty%2Fqemu.git filter-mirror: segfault when specifying non existent device When using filter-mirror like the example below where the interface 'ndev0' does not exist on the host, QEMU crashes into segmentation fault. $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0 This happens because the function filter_mirror_setup() does not check if the device actually exists and still keep on processing calling qemu_chr_find(). This patch fixes this issue. Signed-off-by: Eduardo Otubo Signed-off-by: Michael Tokarev --- diff --git a/net/filter-mirror.c b/net/filter-mirror.c index 90e2c923378..ce0dc23c2aa 100644 --- a/net/filter-mirror.c +++ b/net/filter-mirror.c @@ -213,6 +213,12 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp) MirrorState *s = FILTER_MIRROR(nf); Chardev *chr; + if (s->outdev == NULL) { + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "filter-mirror parameter"\ + " 'outdev' cannot be empty"); + return; + } + chr = qemu_chr_find(s->outdev); if (chr == NULL) { error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
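Review bot: In the new `s->outdev == NULL` check at the top of filter_mirror_setup(), the error is raised with ERROR_CLASS_DEVICE_NOT_FOUND although the condition is a missing 'outdev' parameter, not a failed device lookup. A generic error such as `error_setg(errp, "filter-mirror parameter 'outdev' cannot be empty");` would describe it more accurately and leave the device-not-found class to the existing `chr == NULL` branch that follows qemu_chr_find(). The trailing backslash after the first string literal is not needed either, since adjacent string literals are concatenated across lines without it. The commit message also describes the trigger as a non-existent device 'ndev0', while the example command does define `-netdev user,id=ndev0` and simply omits outdev; stating that outdev is unset would match what the added check actually tests.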