qemu/nbd
Eric Blake 200650d49f nbd: Don't fail handshake on NBD_OPT_LIST descriptions
The NBD Protocol states that NBD_REP_SERVER may set
'length > sizeof(namelen) + namelen'; in which case the rest
of the packet is a UTF-8 description of the export.  While we
don't know of any NBD servers that send this description yet,
we had better consume the data so we don't choke when we start
to talk to such a server.

Also, a (buggy/malicious) server that replies with length <
sizeof(namelen) would cause us to block waiting for bytes that
the server is not sending, and one that replies with super-huge
lengths could cause us to temporarily allocate up to 4G memory.
Sanity check things before blindly reading incorrectly.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-id: 1460077777-31004-1-git-send-email-eblake@redhat.com
Reviewed-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:56 +02:00
client.c nbd: Don't fail handshake on NBD_OPT_LIST descriptions 2016-04-15 17:56:56 +02:00
common.c nbd: do not hang nbd_wr_syncv if outside a coroutine and no available data 2016-04-08 00:07:44 +02:00
Makefile.objs
nbd-internal.h nbd: Avoid bitrot in TRACE() usage 2016-04-08 00:07:43 +02:00
server.c nbd: Don't kill server when client requests unknown option 2016-04-08 00:07:44 +02:00