[Libguestfs] [libnbd PATCH 0/3] libnbd hardening against nbd_pread bugs

Eric Blake eblake at redhat.com
Wed Feb 9 22:07:23 UTC 2022


In documenting the recent CVE-2022-0485 bug in nbdcopy, I pointed out
that the severity of the flaw was server-dependent (a server with
structured replies caused nbdcopy to write zeroes, but a server
without structured replies caused nbdcopy to leak heap contents).  In
fact, this series demonstrates that the severity of ignoring read
errors has had server-dependent behavior in ALL stable released
versions of libnbd, predating the nbdcopy bug.

While the core developers were aware of that fact more than a week
ago, it wasn't until this week that the Red Hat secalert team had
finally decided that publicizing this fact does not constitute a
second CVE fix, but is merely a data hardening technique, and
therefore it is not as essential to backport to stable branches as was
the nbdcopy bug fix.  Other distros may disagree, so I intentionally
separated this series with an eye towards easy backporting.

Eric Blake (3):
  api: Drop server control of memset() prior to NBD_CMD_READ
  api: Guarantee sanitized buffer on pread failure
  api: Add new API nbd_set_pread_initialize()

 lib/internal.h                             |  5 +-
 generator/API.ml                           | 87 +++++++++++++++++++---
 generator/C.ml                             | 12 ++-
 lib/handle.c                               | 17 ++++-
 lib/rw.c                                   | 18 ++---
 python/t/110-defaults.py                   |  3 +-
 python/t/120-set-non-defaults.py           |  4 +-
 ocaml/tests/test_110_defaults.ml           |  4 +-
 ocaml/tests/test_120_set_non_defaults.ml   |  5 +-
 tests/errors.c                             | 34 ++++++++-
 golang/libnbd_110_defaults_test.go         | 10 ++-
 golang/libnbd_120_set_non_defaults_test.go | 12 +++
 12 files changed, 179 insertions(+), 32 deletions(-)

-- 
2.34.1
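
Added example, not part of the original message and not libnbd code: a self-contained C sketch of why a caller that ignores a failed read can pass on stale buffer contents, and how a read wrapper that sanitizes the buffer on failure closes that gap. The transport function, the wrapper, and the `STALE`/`DATA` marker bytes are hypothetical stand-ins constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0x5A  /* constructed marker: stands in for old heap contents */
#define DATA  0xD1  /* constructed marker: stands in for real block data */

/* Hypothetical transport: delivers ok_bytes of data, then fails if short. */
static int mock_transport_read(unsigned char *buf, size_t count, size_t ok_bytes)
{
    size_t n = ok_bytes < count ? ok_bytes : count;
    memset(buf, DATA, n);
    if (n < count) {
        errno = EIO;
        return -1;            /* buf[n..count) was never written */
    }
    return 0;
}

/* Hardened wrapper: on failure the whole buffer is zeroed, errno preserved. */
static int hardened_read(unsigned char *buf, size_t count, size_t ok_bytes)
{
    int r = mock_transport_read(buf, count, ok_bytes);
    if (r == -1) {
        int saved = errno;
        memset(buf, 0, count);
        errno = saved;
    }
    return r;
}

/* Careless caller that ignores the return value; reports how many stale
 * bytes it would have copied onward to its destination. */
static size_t stale_bytes_after(int hardened, size_t ok_bytes)
{
    unsigned char buf[64];
    size_t i, stale = 0;
    memset(buf, STALE, sizeof buf);   /* simulate an uninitialised buffer */
    if (hardened) (void) hardened_read(buf, sizeof buf, ok_bytes);
    else          (void) mock_transport_read(buf, sizeof buf, ok_bytes);
    for (i = 0; i < sizeof buf; i++)
        if (buf[i] == STALE) stale++;
    return stale;
}

int main(void)
{
    printf("plain read, fails at 16:    %zu stale bytes\n", stale_bytes_after(0, 16));
    printf("hardened read, fails at 16: %zu stale bytes\n", stale_bytes_after(1, 16));
    return 0;
}
```

The wrapper is defense in depth only; the caller still has to check the return value, since a zeroed buffer is not the data that was requested.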



