qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 06/18] nbd: Avoid magic number for NBD max name size


From: Eric Blake
Subject: [Qemu-devel] [PATCH 06/18] nbd: Avoid magic number for NBD max name size
Date: Fri, 8 Apr 2016 16:05:46 -0600

Declare a constant and use that when determining if an export
name fits within the constraints we are willing to support.

Signed-off-by: Eric Blake <address@hidden>
---
 include/block/nbd.h | 2 ++
 nbd/client.c        | 2 +-
 nbd/server.c        | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index b86a976..3f047bf 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -76,6 +76,8 @@ enum {

 /* Maximum size of a single READ/WRITE data buffer */
 #define NBD_MAX_BUFFER_SIZE (32 * 1024 * 1024)
+/* Maximum size of an export name */
+#define NBD_MAX_NAME_SIZE 255

 ssize_t nbd_wr_syncv(QIOChannel *ioc,
                      struct iovec *iov,
diff --git a/nbd/client.c b/nbd/client.c
index c834587..00f9244 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -210,7 +210,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, 
Error **errp)
             error_setg(errp, "incorrect option name length");
             return -1;
         }
-        if (namelen > 255) {
+        if (namelen > NBD_MAX_NAME_SIZE) {
             error_setg(errp, "export name length too long %" PRIu32, namelen);
             return -1;
         }
diff --git a/nbd/server.c b/nbd/server.c
index a10294e..5414c49 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -285,13 +285,13 @@ static int nbd_negotiate_handle_list(NBDClient *client, 
uint32_t length)
 static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
 {
     int rc = -EINVAL;
-    char name[256];
+    char name[NBD_MAX_NAME_SIZE + 1];

     /* Client sends:
         [20 ..  xx]   export name (length bytes)
      */
     TRACE("Checking length");
-    if (length > 255) {
+    if (length >= sizeof(name)) {
         LOG("Bad length received");
         goto fail;
     }
-- 
2.5.5




reply via email to

[Prev in Thread] Current Thread [Next in Thread]