From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: qemu-devel@nongnu.org,
Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>,
"open list:Network Block Dev..." <qemu-block@nongnu.org>
Subject: Re: [PATCH v2] nbd/client: Use smarter assert
Date: Tue, 18 Oct 2022 09:41:29 +0100 [thread overview]
Message-ID: <Y05muTwPNKfZSDkB@work-vm> (raw)
In-Reply-To: <20221017191207.1255807-1-eblake@redhat.com>
* Eric Blake (eblake@redhat.com) wrote:
> Assigning strlen() to a uint32_t and then asserting that it isn't too
> large doesn't catch the case of an input string 4G in length.
> Thankfully, the incoming strings can never be that large: if the
> export name or query is reflecting a string the client got from the
> server, we already guarantee that we dropped the NBD connection if the
> server sent more than 32M in a single reply to our NBD_OPT_* request;
> if the export name is coming from qemu, nbd_receive_negotiate()
> asserted that strlen(info->name) <= NBD_MAX_STRING_SIZE; and
> similarly, a query string via x->dirty_bitmap coming from the user was
> bounds-checked in either qemu-nbd or by the limitations of QMP.
> Still, it doesn't hurt to be more explicit in how we write our
> assertions to not have to analyze whether inadvertent wraparound is
> possible.
>
> Fixes: 93676c88 ("nbd: Don't send oversize strings", v4.2.0)
> Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> ---
>
> v2: update subject line and commit message to reflect file being
> touched; adjust a second nearby assertion with the same issue
>
> nbd/client.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/nbd/client.c b/nbd/client.c
> index 30d5383cb1..90a6b7b38b 100644
> --- a/nbd/client.c
> +++ b/nbd/client.c
> @@ -658,11 +658,11 @@ static int nbd_send_meta_query(QIOChannel *ioc, uint32_t opt,
> char *p;
>
> data_len = sizeof(export_len) + export_len + sizeof(queries);
> - assert(export_len <= NBD_MAX_STRING_SIZE);
> + assert(strlen(export) <= NBD_MAX_STRING_SIZE);
> if (query) {
> query_len = strlen(query);
> data_len += sizeof(query_len) + query_len;
> - assert(query_len <= NBD_MAX_STRING_SIZE);
> + assert(strlen(query) <= NBD_MAX_STRING_SIZE);
> } else {
> assert(opt == NBD_OPT_LIST_META_CONTEXT);
> }
> --
> 2.37.3
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2022-10-18 8:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-17 19:12 [PATCH v2] nbd/client: Use smarter assert Eric Blake
2022-10-18 8:41 ` Dr. David Alan Gilbert [this message]
2022-10-18 16:37 ` Philippe Mathieu-Daudé
2022-10-24 11:59 ` Vladimir Sementsov-Ogievskiy
2022-10-31 13:46 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y05muTwPNKfZSDkB@work-vm \
--to=dgilbert@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=vsementsov@yandex-team.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.