[Libguestfs] [PATCH nbdkit] tls-fallback: Fix filter for new .block_size callback
Eric Blake
eblake at redhat.com
Thu Feb 17 15:05:16 UTC 2022
On Wed, Feb 16, 2022 at 09:41:17PM +0000, Richard W.M. Jones wrote:
> Ignore the previous patch (I think). This change works better.
>
> The filter is still kind of hairy, although I think I understand now
> the reasons why it is so!
Yep, CVE-2021-3716 mandates some of the complexity. I should at least
push a patch adding more comments (including the CVE number) in
tls-fallback.c, rather than assuming you can piece it together from
the blurb in nbdkit-security.pod.
And yes, this version is much better than your v1 (which would have
reintroduced the CVE that this filter was designed to prevent).
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
More information about the Libguestfs
mailing list