From: Max Reitz
Date: Wed, 28 Jun 2017 16:27:00 +0200
Subject: Re: [Qemu-devel] [PATCH] qemu-nbd: Ignore SIGPIPE
To: Eric Blake, qemu-devel@nongnu.org
Cc: Paolo Bonzini, P J P
References: <20170611123714.31292-1-mreitz@redhat.com>

On 2017-06-27 19:09, Eric Blake wrote:
> On 06/11/2017 07:37 AM, Max Reitz wrote:
>> qemu proper has done so for 13 years
>> (8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
>> done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
>> Ignoring this signal is especially important in qemu-nbd because
>> otherwise a client can easily take down the qemu-nbd server by dropping
>> the connection when the server wants to send something, for example:
>>
>>     $ qemu-nbd -x foo -f raw -t null-co:// &
>>     [1] 12726
>>     $ qemu-io -c quit nbd://localhost/bar
>>     can't open device nbd://localhost/bar: No export with name 'bar' available
>>     [1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co://
>>
>> In this case, the client sends an NBD_OPT_ABORT and closes the
>> connection (because it is not required to wait for a reply), but the
>> server replies with an NBD_REP_ACK (because it is required to reply).
>>
>> Signed-off-by: Max Reitz
>> ---
>
> As mentioned in another thread, I'm trying to figure out if this patch
> belongs as a third patch to fix CVE-2017-9524, or whether we want to
> open a second CVE by considering this a slightly different
> denial-of-service attack than what my patches fixed.

I think nobody would rip our heads off if we added it to it...

I think it's similar in the regard that the NBD server tries to send
something to a client that is no longer there, so it crashes (aborting
in the original case, due to SIGPIPE here). But strictly speaking it's a
different issue, even from the user's perspective: In the original case
you kill the server using nmap, here you do so using a real NBD client.

Hm, not sure, how hard is it to assign a new CVE?
O:-)

Max