Sender: Paolo Bonzini
From: Paolo Bonzini
Date: Wed, 18 Mar 2015 12:24:59 +0100
Message-Id: <1426677906-51657-13-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1426677906-51657-1-git-send-email-pbonzini@redhat.com>
References: <1426677906-51657-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 12/19] nbd: Drop unexpected data for NBD_OPT_LIST
To: qemu-devel@nongnu.org
Cc: Max Reitz

From: Max Reitz

When requesting the list of exports, no data should be sent. If data is
sent, the NBD server should not just inform the client of the invalid
request, but also drop the data.

Signed-off-by: Max Reitz
Message-Id: <1424887718-10800-22-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini
--- nbd.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/nbd.c b/nbd.c index 563e820..91b7d56 100644 --- a/nbd.c +++ b/nbd.c
@@ -193,6 +193,26 @@ static ssize_t read_sync(int fd, void *buffer, size_t size) return nbd_wr_sync(fd, buffer, size, true); } +static ssize_t drop_sync(int fd, size_t size) +{ + ssize_t ret, dropped = size; + uint8_t *buffer = g_malloc(MIN(65536, size)); + + while (size > 0) { + ret = read_sync(fd, buffer, MIN(65536, size)); + if (ret < 0) { + g_free(buffer); + return ret; + } + + assert(ret <= size); + size -= ret; + } + + g_free(buffer); + return dropped; +} + static ssize_t write_sync(int fd, void *buffer, size_t size) { int ret; @@ -303,6 +323,9 @@ static int nbd_handle_list(NBDClient *client, uint32_t length) csock = client->sock; if (length) { + if (drop_sync(csock, length) != length) { + return -EIO; + } return nbd_send_rep(csock, NBD_REP_ERR_INVALID, NBD_OPT_LIST); } -- 2.3.0
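Review bot: In drop_sync() (first hunk), the while (size > 0) loop exits only when read_sync() returns a negative value or size reaches zero, so if read_sync() can return 0 or a short count at end of stream (its body is not visible in this patch), a peer that disconnects before all announced bytes arrive would leave the loop making no progress. Treat ret == 0 as an error (for example, return -EIO) or document that read_sync() never returns short. Two smaller points in the same function: the return type is ssize_t while size is size_t, so dropped = size can become negative on a host with 32-bit ssize_t for lengths of 2 GiB and above, which a caller cannot tell apart from an error; and 65536 appears twice, where a named constant would keep the allocation size and the read size in step.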
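Review bot: In nbd_handle_list() (second hunk), drop_sync(csock, length) != length compares an ssize_t with the uint32_t length and replaces whatever negative errno drop_sync() returned with -EIO. Store the result in a local, return it unchanged when it is negative, and only then check for a short count; that keeps the original error for the caller and avoids the mixed-sign comparison. Since length comes from the client and the drain is synchronous, a comment (or an enforced cap) stating how much data the server is prepared to read and discard before replying NBD_REP_ERR_INVALID would also help.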