[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 05/18] nbd: Reject unknown request flags
From: |
Eric Blake |
Subject: |
[Qemu-devel] [PATCH 05/18] nbd: Reject unknown request flags |
Date: |
Fri, 8 Apr 2016 16:05:45 -0600 |
The NBD protocol says that clients should not send a command flag
that has not been negotiated (whether by the client requesting an
option during a handshake, or because we advertise support for the
flag in response to NBD_OPT_EXPORT_NAME), and that servers should
reject invalid flags with EINVAL. We were silently ignoring the
flags instead. The client can't rely on our behavior, since it is
their fault for passing the bad flag in the first place, but it's
better to be robust up front than to possibly behave differently
than the client was expecting with the attempted flag.
Signed-off-by: Eric Blake <address@hidden>
---
nbd/server.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/nbd/server.c b/nbd/server.c
index 81afae2..a10294e 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -984,6 +984,11 @@ static ssize_t nbd_co_receive_request(NBDRequest *req,
struct nbd_request *reque
goto out;
}
+ if (request->type & ~NBD_CMD_MASK_COMMAND & ~NBD_CMD_FLAG_FUA) {
+ LOG("unsupported flags (got 0x%x)",
+ request->type & ~NBD_CMD_MASK_COMMAND);
+ return -EINVAL;
+ }
if ((request->from + request->len) < request->from) {
LOG("integer overflow detected! "
"you're probably being attacked");
--
2.5.5
- [Qemu-devel] [RFC PATCH 00/18] NBD protocol additions, Eric Blake, 2016/04/08
- [Qemu-devel] [PATCH 05/18] nbd: Reject unknown request flags,
Eric Blake <=
- [Qemu-devel] [PATCH 04/18] nbd: Detect servers that send unexpected error values, Eric Blake, 2016/04/08
- [Qemu-devel] [PATCH 03/18] nbd: More debug typo fixes, use correct formats, Eric Blake, 2016/04/08
- [Qemu-devel] [PATCH 09/18] nbd: Share common reply-sending code in server, Eric Blake, 2016/04/08
- [Qemu-devel] [PATCH 02/18] nbd: Don't fail handshake on NBD_OPT_LIST descriptions, Eric Blake, 2016/04/08
- [Qemu-devel] [PATCH 14/18] nbd: Implement NBD_OPT_GO on client, Eric Blake, 2016/04/08