Re: [PATCH v3 02/14] nbd/client: Add safety check on chunk payload lengt

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 02/14] nbd/client: Add safety check on chunk payload lengt

From:	Vladimir Sementsov-Ogievskiy
Subject:	Re: [PATCH v3 02/14] nbd/client: Add safety check on chunk payload length
Date:	Mon, 29 May 2023 11:25:17 +0300
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0

On 15.05.23 22:53, Eric Blake wrote:

Our existing use of structured replies either reads into a qiov capped
at 32M (NBD_CMD_READ) or caps allocation to 1000 bytes (see
NBD_MAX_MALLOC_PAYLOAD in block/nbd.c).  But the existing length
checks are rather late; if we encounter a buggy (or malicious) server
that sends a super-large payload length, we should drop the connection
right then rather than assuming the layer on top will be careful.
This becomes more important when we permit 64-bit lengths which are
even more likely to have the potential for attempted denial of service
abuse.

Signed-off-by: Eric Blake<eblake@redhat.com>



Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>

--
Best regards,
Vladimir

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v3 02/14] nbd/client: Add safety check on chunk payload length, Eric Blake, 2023/05/15
- Re: [PATCH v3 02/14] nbd/client: Add safety check on chunk payload length, Vladimir Sementsov-Ogievskiy <=

Prev by Date: Re: [PATCH v3 01/14] nbd/client: Use smarter assert
Next by Date: Re: [PATCH v2 5/6] block/linux-aio: convert to blk_io_plug_call() API
Previous by thread: [PATCH v3 02/14] nbd/client: Add safety check on chunk payload length
Next by thread: [PATCH v3 04/14] nbd: Prepare for 64-bit request effect lengths
Index(es):
- Date
- Thread