From: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: Sat, 10 Nov 2018 13:45:40 +0000 (+0400)
Subject: slirp: remove unused EMU_RSH
X-Git-Tag: v4.0.0-rc0~163^2~60
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=2d6cc3d0e77a0d5b4ba4df2cb0d3387881369cfb;p=users%2Fdwmw2%2Fqemu.git

slirp: remove unused EMU_RSH

EMU_RSH handling was dropped in commit
0d62c4cfe21752df4c1d6e2c2398f15d5eaa794a.

The assignment, and subsequent free() of ex_ptr->ex_exec to so->extra
looks unsafe (double free is likely to occur).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
---

diff --git a/slirp/misc.h b/slirp/misc.h
index 64ca88c3b7..94829722cd 100644
--- a/slirp/misc.h
+++ b/slirp/misc.h
@@ -26,7 +26,6 @@ struct ex_list {
 #define EMU_REALAUDIO 0x5
 #define EMU_RLOGIN 0x6
 #define EMU_IDENT 0x7
-#define EMU_RSH 0x8
 
 #define EMU_NOCONNECT 0x10	/* Don't connect */
 
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 0de46084c0..fac7849195 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -1499,8 +1499,6 @@ static int slirp_state_load(QEMUFile *f, void *opaque, int version_id)
         }
         if (!ex_ptr)
             return -EINVAL;
-
-        so->extra = (void *)ex_ptr->ex_exec;
     }
 
     return vmstate_load_state(f, &vmstate_slirp, slirp, version_id);
diff --git a/slirp/socket.c b/slirp/socket.c
index c01d8696af..041ec5061a 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -89,10 +89,6 @@ sofree(struct socket *so)
   soqfree(so, &slirp->if_fastq);
   soqfree(so, &slirp->if_batchq);
 
-  if (so->so_emu==EMU_RSH && so->extra) {
-	sofree(so->extra);
-	so->extra=NULL;
-  }
   if (so == slirp->tcp_last_so) {
       slirp->tcp_last_so = &slirp->tcb;
   } else if (so == slirp->udp_last_so) {
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index e7b2baa087..fd7521854e 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -541,7 +541,6 @@ static const struct tos_t tcptos[] = {
 	  {0, 23, IPTOS_LOWDELAY, 0},	/* telnet */
 	  {0, 80, IPTOS_THROUGHPUT, 0},	/* WWW */
 	  {0, 513, IPTOS_LOWDELAY, EMU_RLOGIN|EMU_NOCONNECT},	/* rlogin */
-	  {0, 514, IPTOS_LOWDELAY, EMU_RSH|EMU_NOCONNECT},	/* shell */
 	  {0, 544, IPTOS_LOWDELAY, EMU_KSH},		/* kshell */
 	  {0, 543, IPTOS_LOWDELAY, 0},	/* klogin */
 	  {0, 6667, IPTOS_THROUGHPUT, EMU_IRC},	/* IRC */