Displaying 4 results from an estimated 4 matches for "1aff185".
2019 Sep 16
1
[libnbd PATCH] states: Avoid magic number for h->tls
..., "handshake: server is not fixed newstyle, "
- "but handle TLS setting is require (2)");
+ "but handle TLS setting is 'require' (2)");
return 0;
}
diff --git a/generator/states-oldstyle.c b/generator/states-oldstyle.c
index 1aff185..babefc0 100644
--- a/generator/states-oldstyle.c
+++ b/generator/states-oldstyle.c
@@ -46,13 +46,13 @@
gflags = be16toh (h->sbuf.old_handshake.gflags);
eflags = be16toh (h->sbuf.old_handshake.eflags);
- /* Server is unable to upgrade to TLS. If h->tls is not require (2)
+ /* Ser...
2019 Sep 16
2
[LIBNBD SECURITY PATCH 0/1] NBD Protocol Downgrade Attack in libnbd
We discovered a possible Downgrade Attack in libnbd.
Lifecycle
---------
Reported: 2019-09-14 Fixed: 2019-09-16 Published: 2019-09-16
There is no CVE number assigned for this issue yet, but the bug is
being categorized and processed by Red Hat's security team which may
result in a CVE being published later.
Description
-----------
Libnbd includes the method nbd_set_tls(h,
2019 Sep 17
0
[PATCH libnbd 2/2] api: New API for reading NBD protocol.
...>gflags & NBD_FLAG_FIXED_NEWSTYLE) == 0)
+ h->protocol = "newstyle";
+ else
+ h->protocol = "newstyle-fixed";
+
+ SET_NEXT_STATE (%.READY);
+ return 0;
+
} /* END STATE MACHINE */
diff --git a/generator/states-oldstyle.c b/generator/states-oldstyle.c
index 1aff185..cb4f0da 100644
--- a/generator/states-oldstyle.c
+++ b/generator/states-oldstyle.c
@@ -64,6 +64,8 @@
return 0;
}
+ h->protocol = "oldstyle";
+
SET_NEXT_STATE (%.READY);
return 0;
diff --git a/lib/handle.c b/lib/handle.c
index bc4206c..85d10cd 100644
--- a/lib/handle...
2019 Sep 17
3
[PATCH libnbd 1/2] api: Add new API to read whether TLS was negotiated.
When LIBNBD_TLS_ALLOW is used we don't have a way to find out if TLS
was really negotiated. This adds a flag and a way to read it back.
Unfortunately there is no test yet, because LIBNBD_TLS_ALLOW is not
tested -- it really should be but requires quite a complicated set of
tests because ideally we'd like to find out whether it falls back
correctly for all supported servers.
---
TODO