From patchwork Thu Jun 16 14:16:20 2016
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 9181277
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Date: Thu, 16 Jun 2016 16:16:20 +0200
Message-Id: <1466086585-16526-26-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1466086585-16526-1-git-send-email-pbonzini@redhat.com>
References: <1466086585-16526-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PULL 25/30] nbd: Avoid magic number for NBD max name size

From: Eric Blake Declare a constant and use that when determining if an export name fits within the constraints we are willing to support. Note that upstream NBD recently documented that clients MUST support export names of 256 bytes (not including trailing NUL), and SHOULD support names up to 4096 bytes. 4096 is a bit big (we would lose benefits of stack-allocation of a name array), and we already have other limits in place (for example, qcow2 snapshot names are clamped around 1024). So for now, just stick to the required minimum, as that's easier to audit than a full-scale support for larger names. Signed-off-by: Eric Blake Message-Id: <1463006384-7734-12-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- include/block/nbd.h | 6 ++++++ nbd/client.c | 2 +- nbd/server.c | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/include/block/nbd.h b/include/block/nbd.h index 747bb0a..df1f804 100644 --- a/include/block/nbd.h +++ b/include/block/nbd.h @@ -77,6 +77,12 @@ enum { /* Maximum size of a single READ/WRITE data buffer */ #define NBD_MAX_BUFFER_SIZE (32 * 1024 * 1024) +/* Maximum size of an export name. The NBD spec requires 256 and + * suggests that servers support up to 4096, but we stick to only the + * required size so that we can stack-allocate the names, and because + * going larger would require an audit of more code to make sure we + * aren't overflowing some other buffer. */ +#define NBD_MAX_NAME_SIZE 256 ssize_t nbd_wr_syncv(QIOChannel *ioc, struct iovec *iov, diff --git a/nbd/client.c b/nbd/client.c index e8bf9fb..287487c 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -210,7 +210,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) error_setg(errp, "incorrect option name length"); return -1; } - if (namelen > 255) { + if (namelen > NBD_MAX_NAME_SIZE) { error_setg(errp, "export name length too long %" PRIu32, namelen); return -1; } 
diff --git a/nbd/server.c b/nbd/server.c index a21b536..ba950973 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -286,13 +286,13 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length) static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length) { int rc = -EINVAL; - char name[256]; + char name[NBD_MAX_NAME_SIZE + 1]; /* Client sends: [20 .. xx] export name (length bytes) */ TRACE("Checking length"); - if (length > 255) { + if (length >= sizeof(name)) { LOG("Bad length received"); goto fail; }
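
Review bot: The comment above NBD_MAX_NAME_SIZE in include/block/nbd.h does not say whether the 256 counts the trailing NUL. The commit message says the 256-byte requirement excludes it, and nbd/server.c sizes its array as NBD_MAX_NAME_SIZE + 1, so adding "not including trailing NUL" to the comment would keep a future caller from declaring "char name[NBD_MAX_NAME_SIZE]" and writing the terminator one byte past the end. The comment also attributes the 4096 suggestion to servers while the commit message attributes it to clients; one of the two should be reworded so they agree.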
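
Review bot: In nbd_receive_list() in nbd/client.c the bound moves from 255 to 256 ("namelen > 255" becomes "namelen > NBD_MAX_NAME_SIZE"), so this is a behaviour change and not only a magic-number cleanup; the commit message should say that the client now accepts one more byte. The buffer that receives namelen bytes is outside the visible context, so please confirm it has room for 256 bytes plus the NUL terminator.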
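
Review bot: In nbd_negotiate_handle_export_name() in nbd/server.c the check is written as "length >= sizeof(name)" while the client side uses "namelen > NBD_MAX_NAME_SIZE". Both admit at most 256 bytes today, but the sizeof form silently becomes a pointer-size comparison if name ever stops being an array; "length > NBD_MAX_NAME_SIZE" would state the protocol limit directly and match the client. The accepted maximum also rises from 255 to 256 here, which deserves a mention in the commit message, and LOG("Bad length received") could report the offending length the way the client's error_setg() call does.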