[Qemu-devel] [PULL 25/30] nbd: Avoid magic number for NBD max name size
From: Paolo Bonzini
Subject: [Qemu-devel] [PULL 25/30] nbd: Avoid magic number for NBD max name size
Date: Thu, 16 Jun 2016 16:16:20 +0200
From: Eric Blake <address@hidden>
Declare a constant and use that when determining if an export
name fits within the constraints we are willing to support.
Note that upstream NBD recently documented that clients MUST
support export names of 256 bytes (not including trailing NUL),
and SHOULD support names up to 4096 bytes. 4096 is a bit big
(we would lose benefits of stack-allocation of a name array),
and we already have other limits in place (for example, qcow2
snapshot names are clamped around 1024). So for now, just
stick to the required minimum, as that's easier to audit than
a full-scale support for larger names.
Signed-off-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
include/block/nbd.h | 6 ++++++
nbd/client.c | 2 +-
nbd/server.c | 4 ++--
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/include/block/nbd.h b/include/block/nbd.h
index 747bb0a..df1f804 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -77,6 +77,12 @@ enum {
/* Maximum size of a single READ/WRITE data buffer */
#define NBD_MAX_BUFFER_SIZE (32 * 1024 * 1024)
+/* Maximum size of an export name. The NBD spec requires 256 and
+ * suggests that servers support up to 4096, but we stick to only the
+ * required size so that we can stack-allocate the names, and because
+ * going larger would require an audit of more code to make sure we
+ * aren't overflowing some other buffer. */
+#define NBD_MAX_NAME_SIZE 256
ssize_t nbd_wr_syncv(QIOChannel *ioc,
struct iovec *iov,
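Review bot: the new comment should say what unit NBD_MAX_NAME_SIZE is in: 256 is the name length in bytes with the trailing NUL excluded, which is why nbd/server.c in this same series has to declare `char name[NBD_MAX_NAME_SIZE + 1]`, and a future caller who writes `char name[NBD_MAX_NAME_SIZE]` would be one byte short. Suggest opening the comment with something like `/* Maximum length of an export name, in bytes, not counting the terminating NUL. */` so every user of the constant sizes its buffer the same way.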
diff --git a/nbd/client.c b/nbd/client.c
index e8bf9fb..287487c 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -210,7 +210,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name,
Error **errp)
error_setg(errp, "incorrect option name length");
return -1;
}
- if (namelen > 255) {
+ if (namelen > NBD_MAX_NAME_SIZE) {
error_setg(errp, "export name length too long %" PRIu32, namelen);
return -1;
}
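Review bot: replacing `namelen > 255` with `namelen > NBD_MAX_NAME_SIZE` relaxes the client-side limit by one byte, so a 256-byte export name that used to be refused is now accepted; that is what the commit message intends (the spec's required 256), but the code after this check that stores the name is outside the hunk, so it is worth confirming it sizes its copy from namelen rather than from a fixed 256-byte buffer. It would also help to print the limit in the error, e.g. `error_setg(errp, "export name length too long %" PRIu32 " (max %d)", namelen, NBD_MAX_NAME_SIZE);`, so a user who hits it knows what the cap is.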
diff --git a/nbd/server.c b/nbd/server.c
index a21b536..ba950973 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -286,13 +286,13 @@ static int nbd_negotiate_handle_list(NBDClient *client,
uint32_t length)
static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
{
int rc = -EINVAL;
- char name[256];
+ char name[NBD_MAX_NAME_SIZE + 1];
/* Client sends:
[20 .. xx] export name (length bytes)
*/
TRACE("Checking length");
- if (length > 255) {
+ if (length >= sizeof(name)) {
LOG("Bad length received");
goto fail;
}
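Review bot: `length >= sizeof(name)` against `char name[NBD_MAX_NAME_SIZE + 1]` is the right bound (it admits exactly 256 bytes and keeps one byte for the NUL), but it states the limit in a different form from the client side's `namelen > NBD_MAX_NAME_SIZE`; using one idiom in both files, either `length > NBD_MAX_NAME_SIZE` here or a sizeof-based test there, makes the audit the commit message mentions easier. Also, `LOG("Bad length received")` drops the offending value while the client-side message prints it; consider logging `length` as well, along the lines of `LOG("Bad length received: %" PRIu32, length);`, so a rejected client can be diagnosed from the server log.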
--
2.5.5
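The bound this patch adjusts, worked through in code. This is an added example, not QEMU's code or Eric Blake's: the function names are mine, the layout of the NBD newstyle option request (8-byte "IHAVEOPT" magic, 32-bit option, 32-bit data length, all big-endian) is assumed from the NBD protocol description rather than from this page, and the request bytes are constructed inline. It parses an NBD_OPT_EXPORT_NAME request into a stack buffer and generalizes the length check to any buffer size, so the pre-patch `char name[256]` and the patched `NBD_MAX_NAME_SIZE + 1` array can be compared directly: the old guard `length > 255` is exactly `length >= sizeof(name)` for a 256-byte array, so it rejected the 256-byte names the spec requires, while the patched array accepts them and still leaves room for the NUL.

```c
#include <stdint.h>
#include <string.h>

/* Same limit as the patch: export name length in bytes, NUL not included. */
#define NBD_MAX_NAME_SIZE 256

/* NBD newstyle option request (layout assumed from the NBD protocol text:
 * 8-byte magic "IHAVEOPT", 32-bit option, 32-bit data length, big-endian). */
#define NBD_OPTS_MAGIC      0x49484156454F5054ULL
#define NBD_OPT_EXPORT_NAME 1
#define NBD_OPT_HDR_LEN     16

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Parse one NBD_OPT_EXPORT_NAME request and copy the name, NUL-terminated,
 * into name[name_size]. Returns the name length, -1 for a malformed or
 * truncated request, -2 when the name does not fit. As in the server hunk,
 * the size test comes first and uses '>=': a length equal to the buffer size
 * would leave no room for the terminator. */
int nbd_parse_export_name(const uint8_t *buf, size_t buflen,
                          char *name, size_t name_size)
{
    uint32_t length;

    if (buflen < NBD_OPT_HDR_LEN ||
        ((uint64_t)get_be32(buf) << 32 | get_be32(buf + 4)) != NBD_OPTS_MAGIC ||
        get_be32(buf + 8) != NBD_OPT_EXPORT_NAME) {
        return -1;
    }
    length = get_be32(buf + 12);
    if (length >= name_size) {
        return -2;
    }
    if (buflen - NBD_OPT_HDR_LEN < length) {
        return -1;          /* header promises more bytes than arrived */
    }
    memcpy(name, buf + NBD_OPT_HDR_LEN, length);
    name[length] = '\0';
    return (int)length;
}

/* Constructed test input: a request whose name is namelen 'a' bytes.
 * Returns the request size, or 0 if out is too small. */
size_t nbd_build_export_name_request(uint8_t *out, size_t outlen,
                                     uint32_t namelen)
{
    size_t need = NBD_OPT_HDR_LEN + (size_t)namelen;

    if (outlen < need) {
        return 0;
    }
    put_be32(out, (uint32_t)(NBD_OPTS_MAGIC >> 32));
    put_be32(out + 4, (uint32_t)NBD_OPTS_MAGIC);
    put_be32(out + 8, NBD_OPT_EXPORT_NAME);
    put_be32(out + 12, namelen);
    memset(out + NBD_OPT_HDR_LEN, 'a', namelen);
    return need;
}

/* Feed a namelen-byte name to the parser with a stack buffer of name_size.
 * 256 reproduces the pre-patch 'char name[256]' (its 'length > 255' test is
 * the same as 'length >= sizeof(name)'); 257 is NBD_MAX_NAME_SIZE + 1. */
int name_len_accepted_with(uint32_t namelen, size_t name_size)
{
    char name[NBD_MAX_NAME_SIZE + 1];
    uint8_t req[NBD_OPT_HDR_LEN + NBD_MAX_NAME_SIZE + 16];
    size_t n;

    if (name_size > sizeof(name)) {
        return -3;
    }
    n = nbd_build_export_name_request(req, sizeof(req), namelen);
    return n ? nbd_parse_export_name(req, n, name, name_size) : -3;
}

/* Malformed inputs the parser refuses before touching the name buffer:
 * a corrupted magic, and a header that claims 8 name bytes when 7 arrived.
 * Returns 1 when both are rejected. */
int nbd_parse_rejects_malformed(void)
{
    char name[NBD_MAX_NAME_SIZE + 1];
    uint8_t req[NBD_OPT_HDR_LEN + 8];
    size_t n = nbd_build_export_name_request(req, sizeof(req), 8);
    int truncated = nbd_parse_export_name(req, n - 1, name, sizeof(name));
    int bad_magic;

    req[0] ^= 0xff;
    bad_magic = nbd_parse_export_name(req, n, name, sizeof(name));
    return truncated == -1 && bad_magic == -1;
}
```

The point to take from `name_len_accepted_with` is that the check and the array size have to be chosen together: growing the constant without growing the array, or writing `> NBD_MAX_NAME_SIZE` over a `NBD_MAX_NAME_SIZE`-byte array, puts the NUL one past the end. Doing the length test before reading the payload, as both the parser and the server hunk do, is also what keeps an oversized length from ever reaching the copy.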