From: Eric Blake
Date: Tue, 14 Jun 2016 12:24:41 -0600
Message-ID: <57604BE9.80408@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v4 04/11] nbd: Improve server handling of bogus commands
To: Paolo Bonzini, qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, alex@alex.org.uk

On 06/13/2016 06:19 AM, Paolo Bonzini wrote:
>
>
> On 12/05/2016 00:39, Eric Blake wrote:
>> We have a few bugs in how we handle invalid client commands:
>>
>> - A client can send an NBD_CMD_DISC where from + len overflows,
>>   convincing us to reply with an error and stay connected, even
>>   though the protocol requires us to silently disconnect. Fix by
>>   hoisting the special case sooner.
>>
> It's simpler to always set req->complete. Putting everything together:
>
> diff --git a/nbd/server.c b/nbd/server.c
> @@ -1213,12 +1218,9 @@ static void nbd_trip(void *opaque) > LOG("invalid request type (%" PRIu32 ") received", request.typ= e); > reply.error =3D EINVAL; > error_reply: > - /* We must disconnect after replying with an error to > - * NBD_CMD_READ, since we choose not to send bogus filler > - * data; likewise after NBD_CMD_WRITE if we did not read the > - * payload. */ > - if (nbd_co_send_reply(req, &reply, 0) < 0 || command =3D=3D NB= D_CMD_READ || > - (command =3D=3D NBD_CMD_WRITE && !req->complete)) { > + /* We must disconnect after NBD_CMD_WRITE if we did not > + * read the payload. */ > + if (nbd_co_send_reply(req, &reply, 0) < 0 || !req->complete)) = {

This doesn't even compile (too many ')'). I assume you'll fix that
before your actual pull request goes out.

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
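
Review bot: The added condition in error_reply, `nbd_co_send_reply(req, &reply, 0) < 0 || !req->complete))`, closes one more parenthesis than it opens, so the hunk does not build; drop the extra `)`. The same condition also removes the unconditional disconnect for NBD_CMD_READ that the deleted comment justified ("we choose not to send bogus filler data"), and the replacement comment mentions only NBD_CMD_WRITE, so the disconnect decision now rests entirely on req->complete, which is not set anywhere in the visible lines. The comment should state for which commands and at what point req->complete becomes true, so a reader can confirm that every jump to error_reply leaves the stream in sync when the connection is kept open.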
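
The first bug in the quoted commit message (an NBD_CMD_DISC whose from + len overflows gets an error reply instead of a silent disconnect), shown as an added example that is not QEMU's code. The struct, the action enum and both function names are hypothetical; only the command numbers come from the NBD protocol.

```c
#include <stdint.h>

/* Command numbers as defined by the NBD protocol. */
enum { NBD_CMD_READ = 0, NBD_CMD_WRITE = 1, NBD_CMD_DISC = 2 };

/* Hypothetical outcome of request validation in this sketch. */
typedef enum { ACT_PROCESS, ACT_REPLY_EINVAL, ACT_DISCONNECT } nbd_action;

/* Constructed request header: only the fields the check needs. */
struct request { uint32_t type; uint64_t from; uint32_t len; };

/* Order described as buggy: the range check runs before the command is
 * examined, so a DISC with a wrapping from + len is answered with an
 * error and the connection stays open. */
nbd_action classify_range_first(const struct request *r, uint64_t export_size)
{
    uint64_t end = r->from + r->len;          /* may wrap around */
    if (end < r->from || end > export_size) {
        return ACT_REPLY_EINVAL;
    }
    if (r->type == NBD_CMD_DISC) {
        return ACT_DISCONNECT;
    }
    return ACT_PROCESS;
}

/* Hoisted order: DISC is handled before any field of the request is
 * validated, so bogus from/len values cannot turn it into a reply. */
nbd_action classify_disc_first(const struct request *r, uint64_t export_size)
{
    if (r->type == NBD_CMD_DISC) {
        return ACT_DISCONNECT;                /* silent, no reply sent */
    }
    /* Range check written so that no intermediate value can wrap. */
    if (r->len > export_size || r->from > export_size - r->len) {
        return ACT_REPLY_EINVAL;
    }
    return ACT_PROCESS;
}
```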