2018 Dec 21
[nbdkit PATCH] connections: Don't use uninit memory on early client EOF
Fuzzing with afl found a bug where a 27-byte client sequence
can cause nbdkit to report a strange error message:
$ printf %s $'000\1IHAVEOPT000\6'$'000\7'$'000\1x00' | tr 0 '\0' |
  ./nbdkit -s memory size=1m >/dev/null
nbdkit: memory: error: client exceeded maximum number of options (32)
The culprit? The client is hanging up on a message boundary,
so conn->recv() returns 0 for EOF instead of -1 for read error,
and our code blindly continues...