qemu/include/block
Eric Blake 93676c88d7 nbd: Don't send oversize strings
Qemu as server currently won't accept export names larger than 256
bytes, nor create dirty bitmap names longer than 1023 bytes, so most
uses of qemu as client or server have no reason to get anywhere near
the NBD spec maximum of a 4k limit per string.

However, we weren't actually enforcing things, ignoring when the
remote side violates the protocol on input, and also having several
code paths where we send oversize strings on output (for example,
qemu-nbd --description could easily send more than 4k).  Tighten
things up as follows:

client:
- Perform bounds check on export name and dirty bitmap request prior
  to handing it to server
- Validate that copied server replies are not too long (ignoring
  NBD_INFO_* replies that are not copied is not too bad)
server:
- Perform bounds check on export name and description prior to
  advertising it to client
- Reject client name or metadata query that is too long
- Adjust things to allow full 4k name limit rather than previous
  256 byte limit

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20191114024635.11363-4-eblake@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2019-11-18 16:01:34 -06:00
accounting.h block: add empty account cookie type 2019-10-10 10:56:18 +02:00
aio_task.h block: introduce aio task pool 2019-10-10 10:56:17 +02:00
aio-wait.h Clean up decorations and whitespace around header guards 2019-05-13 08:58:55 +02:00
aio.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
block_backup.h block/backup: drop unused synchronization interface 2018-12-14 11:52:40 +01:00
block_int.h block: Add bdrv_co_get_self_request() 2019-11-04 09:32:51 +01:00
block-copy.h block/block-copy: increase buffered copy request 2019-10-28 11:22:31 +01:00
block.h block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
blockjob_int.h job: drop job_drain 2019-09-10 08:58:43 +02:00
blockjob.h blockdev: blockdev_mark_auto_del: drop usage of bs->job 2019-06-18 16:41:10 +02:00
dirty-bitmap.h bitmap: Enforce maximum bitmap name length 2019-11-18 16:01:34 -06:00
nbd.h nbd: Don't send oversize strings 2019-11-18 16:01:34 -06:00
nvme.h nvme: fix NSSRS offset in CAP register 2019-11-04 09:21:45 +01:00
qapi.h block/qapi: Clean up how we print to monitor or stdout 2019-04-18 22:18:59 +02:00
qdict.h block: Factor out qobject_input_visitor_new_flat_confused() 2018-06-15 14:49:44 +02:00
raw-aio.h include: Make headers more self-contained 2019-08-16 13:31:51 +02:00
snapshot.h block/snapshot: remove bdrv_snapshot_delete_by_id_or_name 2019-02-25 15:03:18 +01:00
thread-pool.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
throttle-groups.h throttle-groups: fix restart coroutine iothread race 2019-01-24 10:02:28 +00:00
write-threshold.h include: Make headers more self-contained 2019-08-16 13:31:51 +02:00