From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
"open list:Network Block Dev..." <qemu-block@nongnu.org>
Subject: [Qemu-devel] [PULL 06/12] nbd/server: Refactor zero-length option check
Date: Mon, 30 Oct 2017 21:56:30 +0100 [thread overview]
Message-ID: <20171030205636.14236-7-eblake@redhat.com> (raw)
In-Reply-To: <20171030205636.14236-1-eblake@redhat.com>
Consolidate the response for a non-zero-length option payload
into a new function, nbd_reject_length(). This check will
also be used when introducing support for structured replies.
Note that STARTTLS response differs based on time: if the connection
is still unencrypted, we set fatal to true (a client that can't
request TLS correctly may still think that we are ready to start
the TLS handshake, so we must disconnect); while if the connection
is already encrypted, the client is sending a bogus request but
is no longer at risk of being confused by continuing the connection.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171027104037.8319-7-eblake@redhat.com>
[eblake: correct return value on STARTTLS]
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
nbd/server.c | 74 +++++++++++++++++++++++++++++++++++++-----------------------
1 file changed, 46 insertions(+), 28 deletions(-)
diff --git a/nbd/server.c b/nbd/server.c
index 2f03059b4c..cf815603a6 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -253,21 +253,10 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp,
/* Process the NBD_OPT_LIST command, with a potential series of replies.
* Return -errno on error, 0 on success. */
-static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length,
- Error **errp)
+static int nbd_negotiate_handle_list(NBDClient *client, Error **errp)
{
NBDExport *exp;
- if (length) {
- if (nbd_drop(client->ioc, length, errp) < 0) {
- return -EIO;
- }
- return nbd_negotiate_send_rep_err(client->ioc,
- NBD_REP_ERR_INVALID, NBD_OPT_LIST,
- errp,
- "OPT_LIST should not have length");
- }
-
/* For each export, send a NBD_REP_SERVER reply. */
QTAILQ_FOREACH(exp, &exports, next) {
if (nbd_negotiate_send_rep_list(client->ioc, exp, errp)) {
@@ -531,7 +520,6 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length,
/* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the
* new channel for all further (now-encrypted) communication. */
static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
- uint32_t length,
Error **errp)
{
QIOChannel *ioc;
@@ -540,15 +528,6 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
trace_nbd_negotiate_handle_starttls();
ioc = client->ioc;
- if (length) {
- if (nbd_drop(ioc, length, errp) < 0) {
- return NULL;
- }
- nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
- errp,
- "OPT_STARTTLS should not have length");
- return NULL;
- }
if (nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK,
NBD_OPT_STARTTLS, errp) < 0) {
@@ -584,6 +563,34 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
return QIO_CHANNEL(tioc);
}
+/* nbd_reject_length: Handle any unexpected payload.
+ * @fatal requests that we quit talking to the client, even if we are able
+ * to successfully send an error to the guest.
+ * Return:
+ * -errno transmission error occurred or @fatal was requested, errp is set
+ * 0 error message successfully sent to client, errp is not set
+ */
+static int nbd_reject_length(NBDClient *client, uint32_t length,
+ uint32_t option, bool fatal, Error **errp)
+{
+ int ret;
+
+ assert(length);
+ if (nbd_drop(client->ioc, length, errp) < 0) {
+ return -EIO;
+ }
+ ret = nbd_negotiate_send_rep_err(client->ioc, NBD_REP_ERR_INVALID,
+ option, errp,
+ "option '%s' should have zero length",
+ nbd_opt_lookup(option));
+ if (fatal && !ret) {
+ error_setg(errp, "option '%s' should have zero length",
+ nbd_opt_lookup(option));
+ return -EINVAL;
+ }
+ return ret;
+}
+
/* nbd_negotiate_options
* Process all NBD_OPT_* client option commands, during fixed newstyle
* negotiation.
@@ -674,7 +681,13 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,
}
switch (option) {
case NBD_OPT_STARTTLS:
- tioc = nbd_negotiate_handle_starttls(client, length, errp);
+ if (length) {
+ /* Unconditionally drop the connection if the client
+ * can't start a TLS negotiation correctly */
+ return nbd_reject_length(client, length, option, true,
+ errp);
+ }
+ tioc = nbd_negotiate_handle_starttls(client, errp);
if (!tioc) {
return -EIO;
}
@@ -710,7 +723,12 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,
} else if (fixedNewstyle) {
switch (option) {
case NBD_OPT_LIST:
- ret = nbd_negotiate_handle_list(client, length, errp);
+ if (length) {
+ ret = nbd_reject_length(client, length, option, false,
+ errp);
+ } else {
+ ret = nbd_negotiate_handle_list(client, errp);
+ }
break;
case NBD_OPT_ABORT:
@@ -736,10 +754,10 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,
break;
case NBD_OPT_STARTTLS:
- if (nbd_drop(client->ioc, length, errp) < 0) {
- return -EIO;
- }
- if (client->tlscreds) {
+ if (length) {
+ ret = nbd_reject_length(client, length, option, false,
+ errp);
+ } else if (client->tlscreds) {
ret = nbd_negotiate_send_rep_err(client->ioc,
NBD_REP_ERR_INVALID,
option, errp,
--
2.13.6
next prev parent reply other threads:[~2017-10-30 20:57 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-30 20:56 [Qemu-devel] [PULL 00/12] NBD patches prior to 2.11 soft freeze Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 01/12] nbd: Include error names in trace messages Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 02/12] nbd: Move nbd_errno_to_system_errno() to public header Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 03/12] nbd: Expose constants and structs for structured read Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 04/12] nbd/server: Report error for write to read-only export Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 05/12] nbd/server: Simplify nbd_negotiate_options loop Eric Blake
2017-10-30 20:56 ` Eric Blake [this message]
2017-10-30 20:56 ` [Qemu-devel] [PULL 07/12] nbd: Minimal structured read for server Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 08/12] nbd/server: Include human-readable message in structured errors Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 09/12] nbd/client: refactor nbd_receive_starttls Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 10/12] nbd/client: prepare nbd_receive_reply for structured reply Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 11/12] nbd: Move nbd_read() to common header Eric Blake
2017-10-30 20:56 ` [Qemu-devel] [PULL 12/12] nbd: Minimal structured read for client Eric Blake
2017-10-31 14:27 ` [Qemu-devel] [PULL 00/12] NBD patches prior to 2.11 soft freeze Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171030205636.14236-7-eblake@redhat.com \
--to=eblake@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).