From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:55479)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1alwbo-0000LW-Er
	for qemu-devel@nongnu.org; Fri, 01 Apr 2016 06:47:21 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1alwbl-0002ir-8X
	for qemu-devel@nongnu.org; Fri, 01 Apr 2016 06:47:20 -0400
Received: from mx1.redhat.com ([209.132.183.28]:56884)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1alwbl-0002if-3A
	for qemu-devel@nongnu.org; Fri, 01 Apr 2016 06:47:17 -0400
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id CFC117F0A0
	for <qemu-devel@nongnu.org>; Fri,  1 Apr 2016 10:47:15 +0000 (UTC)
References: <1459459222-8637-1-git-send-email-eblake@redhat.com>
	<1459459222-8637-4-git-send-email-eblake@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <56FE51AF.1030809@redhat.com>
Date: Fri, 1 Apr 2016 12:47:11 +0200
MIME-Version: 1.0
In-Reply-To: <1459459222-8637-4-git-send-email-eblake@redhat.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 3/3] nbd: Reject unknown request flags
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Eric Blake <eblake@redhat.com>, qemu-devel@nongnu.org



On 31/03/2016 23:20, Eric Blake wrote:
> The NBD protocol says that clients should not send a command flag
> that has not been negotiated (whether by the client requesting an
> option during a handshake, or because we advertise support for the
> flag in response to NBD_OPT_EXPORT_NAME), and that servers should
> reject invalid flags with EINVAL.  We were silently ignoring the
> flags instead.  The client can't rely on our behavior, since it is
> their fault for passing the bad flag in the first place, but it's
> better to be robust up front than to possibly behave differently
> than the client was expecting with the attempted flag.
> 
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
>  nbd/server.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/nbd/server.c b/nbd/server.c
> index a590773..31bd9c5 100644
> --- a/nbd/server.c
> +++ b/nbd/server.c
> @@ -974,6 +974,10 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque
>          goto out;
>      }
> 
> +    if (request->flags & ~NBD_CMD_FLAG_FUA) {
> +        LOG("unsupported flags (got 0x%x)", request->flags);
> +        return -EINVAL;
> +    }
>      if ((request->from + request->len) < request->from) {
>          LOG("integer overflow detected! "
>              "you're probably being attacked");
> 

Queued for 2.6.

Paolo