Re: [Qemu-devel] [PATCH v2 for-2.6] nbd: Don't kill server on client that doesn't request TLS

[Max Reitz <mreitz@redhat.com>]

[-- Attachment #1.1: Type: text/plain, Size: 1616 bytes --]

On 15.04.2016 00:02, Eric Blake wrote:
> Upstream NBD documents (as of commit 4feebc95) that servers MAY
> choose to operate in a conditional mode, where it is up to the
> client whether to use TLS.  For qemu's case, we want to always be
> in FORCEDTLS mode, because of the risk of man-in-the-middle
> attacks, and since we never export more than one device; likewise,
> the qemu client will ALWAYS send NBD_OPT_STARTTLS as its first
> option.  But now that SELECTIVETLS servers exist, it is feasible
> to encounter a (non-qemu) client that is programmed to talk to
> such a server, and does not do NBD_OPT_STARTTLS first, but rather
> wants to probe if it can use a non-encrypted export.
> 
> The NBD protocol documents that we should let such a client
> continue trying, on the grounds that maybe the client will get the
> hint to send NBD_OPT_STARTTLS, rather than immediately dropping
> the connection.
> 
> Note that NBD_OPT_EXPORT_NAME is a special case: since it is the
> only option request that can't have an error return, we have to
> (continue to) drop the connection on that one; rather, what we are
> fixing here is that all other replies prior to TLS initiation tell
> the client NBD_REP_ERR_TLS_REQD, but keep the connection alive.
> 
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
> 
> In v2: tweak commit message, continue to drop connection on
> NBD_OPT_EXPORT_NAME
> 
>  nbd/server.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)

Thanks Eric, applied to my block branch:

https://github.com/XanClic/qemu/commits/block

Max


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]