From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH v10 10/24] migration: In case of error just end the migration
Date: Wed, 7 Mar 2018 20:39:28 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 03/07/2018 05:52 AM, Daniel P. Berrangé wrote:
On Wed, Mar 07, 2018 at 11:59:56AM +0100, Juan Quintela wrote:
Signed-off-by: Juan Quintela <address@hidden>
---
 migration/socket.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

Reviewed-by: Daniel P. Berrangé <address@hidden>
It will only return NULL if a client connected & then went away. This should not happen with a "normal" mgmt app usage. On the flip side this allows a malicious network attacker to inflict a denial of service on the migration by simply connecting to target QEMU & immediately exiting. Our "authentication" for migration relies on being able to validate the TLS certs during TLS handshake. So in general we ought to allow repeated incoming connections until we get a successful handshake.
Indeed, our NBD code had some CVE fixes last year where a rogue 'nc' process could cause denial of service by connecting and hanging up immediately, until we fixed it to retry until the first client that actually got past the handshake. We don't need to repeat CVEs like that.
So in fact, I think a better fix here is to simply remove the original 'error_report' line, and ensure we return G_SOURCE_CONTINUE to wait for another incoming connection from the real mgmt app.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
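
The retry-until-handshake behaviour discussed in this thread, as an added example that is not part of the original message and is not QEMU code: a loopback listener where a peer that connects and hangs up is queued ahead of the real client. The names `TOKEN`, `tcp`, `accept_incoming` and `run_scenario` are hypothetical, and the fixed token is a constructed stand-in for the TLS handshake.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define TOKEN "HELLO"  /* added example: constructed stand-in for TLS handshake */
static int tcp(void) { return socket(AF_INET, SOCK_STREAM, 0); }

/* retry=0: first failed peer ends the attempt. retry=1: keep listening. */
static int accept_incoming(int lfd, int retry)
{
    char buf[sizeof(TOKEN) - 1];
    int fd;
    while ((fd = accept(lfd, NULL, NULL)) >= 0) {
        ssize_t n = recv(fd, buf, sizeof(buf), MSG_WAITALL);
        if (n == (ssize_t)sizeof(buf) && !memcmp(buf, TOKEN, sizeof(buf)))
            return fd;              /* handshake passed */
        close(fd);                  /* peer hung up or sent garbage */
        if (!retry)
            break;
    }
    return -1;
}

/* Hang-up peer queued ahead of the real client; 1 if the client got in. */
int run_scenario(int retry)
{
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: kernel picks */
    struct sockaddr *sa = (struct sockaddr *)&a;
    socklen_t len = sizeof(a);
    int lfd = tcp(), rogue = tcp(), good = tcp(), fd = -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (!bind(lfd, sa, len) && !listen(lfd, 4) && !getsockname(lfd, sa, &len) &&
        !connect(rogue, sa, len) && !shutdown(rogue, SHUT_RDWR) &&
        !connect(good, sa, len) && send(good, TOKEN, sizeof(TOKEN) - 1, 0) > 0)
        fd = accept_incoming(lfd, retry);
    if (fd >= 0)
        close(fd);
    close(rogue);
    close(good);
    close(lfd);
    return fd >= 0;
}

int main(void)
{
    printf("no retry: %d, retry: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

With `retry=0` the real client never gets in because the empty connection ends the attempt; with `retry=1` the empty connection is dropped and the next accept reaches the real client.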