Displaying 3 results from an estimated 3 matches for "4d67392".
2019 Apr 23
4
[PATCH nbdkit 0/2] Be careful not to leak heap memory to the client.
This bug was found by Eric Blake.
In the .pread method we allocate a buffer in the server and pass it to
the plugin. The plugin is supposed to fill it with data. The buffer
was uninitialized so initially contained random heap data, but that's
OK provided the plugin fully overwrote it with data. All correctly
written plugins ought to do this, however there is the possibility of
an
2019 Apr 23
0
[PATCH nbdkit 2/2] server: Zero the read buffer before passing it to plugin .pread method.
...er.
- For OCaml, see the previous commit.
Of course I cannot check plugins which may be supplied by others.
Credit: Eric Blake for finding the bug.
---
server/protocol.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/protocol.c b/server/protocol.c
index 54d8adb..4d67392 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -658,10 +658,10 @@ protocol_recv_request_send_reply (struct connection *conn)
/* Allocate the data buffer used for either read or write requests. */
if (cmd == NBD_CMD_READ || cmd == NBD_CMD_WRITE) {
- buf = malloc (count);...
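Review bot: the allocation that replaces `buf = malloc (count);` sits in the branch shared by NBD_CMD_READ and NBD_CMD_WRITE, while the subject line says it is the read buffer that needs zeroing. Consider zeroing only when `cmd == NBD_CMD_READ`, since a write buffer is filled from the client before the plugin sees it, and extend the comment above the branch to say why a read buffer must not reach .pread uninitialized. The excerpt is cut off after the removed line, so the replacement itself is not visible here.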
2019 Apr 23
2
Re: [PATCH nbdkit 2/2] server: Zero the read buffer before passing it to plugin .pread method.
...ly if it breaks the promise. The new field won't be
set by any existing out-of-tree plugins, and newly written plugins will
have the documentation of that particular aspect to make their decision
on whether to opt-out.
> diff --git a/server/protocol.c b/server/protocol.c
> index 54d8adb..4d67392 100644
> --- a/server/protocol.c
> +++ b/server/protocol.c
> @@ -658,10 +658,10 @@ protocol_recv_request_send_reply (struct connection *conn)
>
> /* Allocate the data buffer used for either read or write requests. */
> if (cmd == NBD_CMD_READ || cmd == NBD_CMD_WRITE) {...