path: root/user-exec.c
author: Eric Blake <eblake@redhat.com> 2016-05-11 16:39:37 -0600
committer: Paolo Bonzini <pbonzini@redhat.com> 2016-06-16 18:39:05 +0200
commit: 29b6c3b319acb85b2f025bffebb8ed9b3a83602a
tree: 6bffe6d65e08ebea4502012d350f59e223889cbb /user-exec.c
parent: 63d5ef869e5e57de4875cd64b6f197cbb5763adf
nbd: Improve server handling of bogus commands

We have a few bugs in how we handle invalid client commands:

- A client can send an NBD_CMD_DISC where from + len overflows, convincing us to reply with an error and stay connected, even though the protocol requires us to silently disconnect. Fix by hoisting the special case sooner.

- A client can send an NBD_CMD_WRITE where from + len overflows, where we reply to the client with EINVAL without consuming the payload; this will normally cause us to fail if the next thing read is not the right magic, but in rare cases, could cause us to interpret the data payload as valid commands and do things not requested by the client. Fix by adding a complete flag to track whether we are in sync or must disconnect.

Furthermore, we have split the checks for bogus from/len across two functions, when it is easier to do it all at once.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1463006384-7734-5-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'user-exec.c')
0 files changed, 0 insertions, 0 deletions
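
The two cases described in the commit message above, as an added example that is not QEMU's code: a hypothetical `check_request` decides NBD_CMD_DISC before any range check, tests the range without ever computing `from + len`, and disconnects when a rejected write's payload is still unread. The function names, the `req_action` enum, the `payload_consumed` parameter and the bound against an export size are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Command numbers defined by the NBD protocol. */
enum { NBD_CMD_READ = 0, NBD_CMD_WRITE = 1, NBD_CMD_DISC = 2 };

/* Hypothetical result type, not a QEMU identifier. */
typedef enum {
    REQ_OK,           /* range is valid, handle the request */
    REQ_DISCONNECT,   /* close the connection without replying */
    REQ_REPLY_EINVAL  /* stream is in sync: reply EINVAL, stay connected */
} req_action;

/* True if [from, from + len) wraps past 2^64 or ends beyond the export.
 * Written so that from + len is never computed and cannot overflow. */
static bool range_is_bogus(uint64_t from, uint32_t len, uint64_t export_size)
{
    return from > export_size || len > export_size - from;
}

/* payload_consumed (assumed parameter): whether the len data bytes that
 * follow a write header have already been read off the socket. */
req_action check_request(uint32_t cmd, uint64_t from, uint32_t len,
                         uint64_t export_size, bool payload_consumed)
{
    /* Disconnect is decided first so a bogus range cannot turn it into a reply. */
    if (cmd == NBD_CMD_DISC)
        return REQ_DISCONNECT;
    if (!range_is_bogus(from, len, export_size))
        return REQ_OK;
    /* Rejected write with unread payload: the next bytes on the wire are
     * client data, not a request header, so the stream is out of sync. */
    if (cmd == NBD_CMD_WRITE && !payload_consumed)
        return REQ_DISCONNECT;
    return REQ_REPLY_EINVAL;
}

int main(void)
{
    uint64_t size = 1u << 20;  /* constructed 1 MiB export */
    /* Constructed request whose from + len wraps around 2^64. */
    printf("write, payload unread: %d\n",
           check_request(NBD_CMD_WRITE, UINT64_MAX - 4, 16, size, false));
    printf("write, payload read:   %d\n",
           check_request(NBD_CMD_WRITE, UINT64_MAX - 4, 16, size, true));
    return 0;
}
```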