Displaying 2 results from an estimated 2 matches for "d0ef6a5".
2017 Nov 15
[nbdkit PATCH 0/2] Better response to bogus NBD_CMD_READ
When facing a malicious client that is sending bogus NBD_CMD_READ,
we should make sure that we never end up in a situation where we
could try to treat the tail from a command that we diagnosed as
bad as being further commands.
Eric Blake (2):
connections: Report mid-message EOF as fatal
connections: Hang up early on insanely large WRITE requests
src/connections.c | 35
2017 Nov 15
[nbdkit PATCH 2/2] connections: Hang up early on insanely large WRITE requests
...ror message reply, we'd still
be out of sync for further reads, so the simplest option is to
just silently disconnect.
Signed-off-by: Eric Blake <eblake@redhat.com>
---
src/connections.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/connections.c b/src/connections.c
index d0ef6a5..8dc1925 100644
--- a/src/connections.c
+++ b/src/connections.c
@@ -879,6 +879,11 @@ skip_over_write_buffer (int sock, size_t count)
char buf[BUFSIZ];
ssize_t r;
+ if (count > MAX_REQUEST_SIZE * 2) {
+ nbdkit_error ("write request too large to skip");
+ return -1;
+ }
+...
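Review bot: The cut-off `MAX_REQUEST_SIZE * 2` in the new check at the top of skip_over_write_buffer is an unexplained multiplier; a short comment (or a named constant) saying why twice the maximum request size is the point where the server stops draining the payload and hangs up would make the policy reviewable. The nbdkit_error message also omits the offending `count`, so the server log cannot show how oversized the request was; consider including the value and the limit in the message. Finally, since the commit message says the intent is to disconnect without replying, it is worth confirming (the caller is not visible in this hunk) that a -1 return from this function is treated as fatal for the connection and never followed by an error reply and a further read from the socket.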