[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 0/2] Fix NBD CVE-2020-10761
|
From: |
Eric Blake |
|
Subject: |
[PATCH v2 0/2] Fix NBD CVE-2020-10761 |
|
Date: |
Wed, 10 Jun 2020 11:37:39 -0500 |
In qemu 4.2, I accidentally introduced the ability for an NBD client
obeying the specification to kill qemu as NBD server with an assertion
failure when the client requests an unusually long export name, as a
regression from the intended graceful server error message back to the
client.
In v2:
- use strnlen instead of strlen
- malloc a sane string rather than using a static buffer [Vladimir]
- enhance commit message
- tweak iotest to use different abbreviation than qemu-nbd
- add R-b on patch 2
Once this is reviewed, I'll then spin v2 of my NBD pull request.
Eric Blake (2):
nbd/server: Avoid long error message assertions CVE-2020-10761
block: Call attention to truncation of long NBD exports
block.c | 7 +++++--
block/nbd.c | 21 +++++++++++++--------
nbd/server.c | 23 ++++++++++++++++++++---
tests/qemu-iotests/143 | 4 ++++
tests/qemu-iotests/143.out | 2 ++
5 files changed, 44 insertions(+), 13 deletions(-)
--
2.27.0
- [PATCH v2 0/2] Fix NBD CVE-2020-10761,
Eric Blake <=