[Libguestfs] [PATCH nbdkit 2/2] server: Zero the read buffer before passing it to plugin .pread method.
Richard W.M. Jones
rjones at redhat.com
Tue Apr 23 13:34:23 UTC 2019
I agree we should only be zeroing this buffer on NBD_CMD_READ, so the
patch is wrong as it stands.
Having an "I promise not to be bad!" flag I think just adds more
complexity to plugins. It would be nice to do the best thing
automatically.
If we have a per-thread buffer then we're still (potentially) leaking
data between clients, even if that data only consists of previously
read data from another part of the disk. However this does seem like
the least bad approach since (a) we're not leaking random heap data
like secret keys and (b) we don't need to make the plugin API any more
complicated. I'll see how easy this is to implement ...
Thanks,
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
More information about the Libguestfs
mailing list