| commit | 7ed83d1436501e931246c580c4db106f372c2b42 | |
| author | Eric Blake <eblake@redhat.com> | |
| Thu, 19 Sep 2019 01:55:49 +0000 (18 20:55 -0500) | ||
| committer | Eric Blake <eblake@redhat.com> | |
| Thu, 19 Sep 2019 11:39:32 +0000 (19 06:39 -0500) | ||
| tree | 9ad972012e124cb88f9ac317f15b9daac1d2ee41 | treesnapshot (tar.gz zip) |
| parent | a6b88b195a959b17524d1c8353fd425d4891dc5f | commitdiff |
server: Fix back-to-back SET_META_CONTEXT
The NBD spec says that if a client requests a 1-query SET_META_CONTEXT
for context "base:allocation", then changes its mind and requests a
1-query SET_META_CONTEXT for "other:context", only the final query
matters; in such a case, since we did not reply with a context the
second time, the client must not call NBD_CMD_BLOCK_STATUS, and the
server should fail it with EINVAL. If the client actually wants two
contexts, it must request them in a 2-query SET_META_CONTEXT.
However, our code didn't reset the boolean between two uses of the
option, so we were not catching an invalid client that requests block
status in spite of no response to their second SET_META_CONTEXT.
Note that there are no known clients in the wild that can actually
perform this secondary SET_META_CONTEXT request; this was found by
inspection. As nbdkit does not crash in this situation, I don't see
the point in hacking libnbd to make it possible to become such a
client.
Fixes: 26455d45
Signed-off-by: Eric Blake <eblake@redhat.com>
The NBD spec says that if a client requests a 1-query SET_META_CONTEXT
for context "base:allocation", then changes its mind and requests a
1-query SET_META_CONTEXT for "other:context", only the final query
matters; in such a case, since we did not reply with a context the
second time, the client must not call NBD_CMD_BLOCK_STATUS, and the
server should fail it with EINVAL. If the client actually wants two
contexts, it must request them in a 2-query SET_META_CONTEXT.
However, our code didn't reset the boolean between two uses of the
option, so we were not catching an invalid client that requests block
status in spite of no response to their second SET_META_CONTEXT.
Note that there are no known clients in the wild that can actually
perform this secondary SET_META_CONTEXT request; this was found by
inspection. As nbdkit does not crash in this situation, I don't see
the point in hacking libnbd to make it possible to become such a
client.
Fixes: 26455d45
Signed-off-by: Eric Blake <eblake@redhat.com>
| server/protocol-handshake-newstyle.c | diffblobblamehistory |