Displaying 3 results from an estimated 3 matches for "4d67392".

2019 Apr 23
4
[PATCH nbdkit 0/2] Be careful not to leak heap memory to the client.
This bug was found by Eric Blake. In the .pread method we allocate a buffer in the server and pass it to the plugin. The plugin is supposed to fill it with data. The buffer was uninitialized so initially contained random heap data, but that's OK provided the plugin fully overwrote it with data. All correctly written plugins ought to do this, however there is the possibility of an
2019 Apr 23
0
[PATCH nbdkit 2/2] server: Zero the read buffer before passing it to plugin .pread method.
...er. - For OCaml, see the previous commit. Of course I cannot check plugins which may be supplied by others. Credit: Eric Blake for finding the bug. --- server/protocol.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/protocol.c b/server/protocol.c index 54d8adb..4d67392 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -658,10 +658,10 @@ protocol_recv_request_send_reply (struct connection *conn) /* Allocate the data buffer used for either read or write requests. */ if (cmd == NBD_CMD_READ || cmd == NBD_CMD_WRITE) { - buf = malloc (count);...
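Review bot: The removed `buf = malloc (count);` sits inside the shared `if (cmd == NBD_CMD_READ || cmd == NBD_CMD_WRITE)` branch, so a zeroing allocation put in its place would also clear the buffer for write requests. For writes the buffer is filled with the client's data, so the heap-leak concern in the subject line applies only to reads. The excerpt is cut off before the added lines, so the replacement itself cannot be checked here. If it zeroes unconditionally, consider restricting the zeroing to NBD_CMD_READ to avoid the extra cost on large writes, and extend the "Allocate the data buffer" comment to state why the read buffer must not be handed to the plugin uninitialized.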
2019 Apr 23
2
Re: [PATCH nbdkit 2/2] server: Zero the read buffer before passing it to plugin .pread method.
...ly if it breaks the promise. The new field won't be set by any existing out-of-tree plugins, and newly written plugins will have the documentation of that particular aspect to make their decision on whether to opt-out. > diff --git a/server/protocol.c b/server/protocol.c > index 54d8adb..4d67392 100644 > --- a/server/protocol.c > +++ b/server/protocol.c > @@ -658,10 +658,10 @@ protocol_recv_request_send_reply (struct connection *conn) > > /* Allocate the data buffer used for either read or write requests. */ > if (cmd == NBD_CMD_READ || cmd == NBD_CMD_WRITE) {...