[Libguestfs] [PATCH v3 02/14] nbd/client: Add safety check on chunk payload length
Vladimir Sementsov-Ogievskiy
vsementsov at yandex-team.ru
Mon May 29 08:25:17 UTC 2023
On 15.05.23 22:53, Eric Blake wrote:
> Our existing use of structured replies either reads into a qiov capped
> at 32M (NBD_CMD_READ) or caps allocation to 1000 bytes (see
> NBD_MAX_MALLOC_PAYLOAD in block/nbd.c). But the existing length
> checks are rather late; if we encounter a buggy (or malicious) server
> that sends a super-large payload length, we should drop the connection
> right then rather than assuming the layer on top will be careful.
> This becomes more important when we permit 64-bit lengths which are
> even more likely to have the potential for attempted denial of service
> abuse.
>
> Signed-off-by: Eric Blake<eblake at redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov at yandex-team.ru>
--
Best regards,
Vladimir
More information about the Libguestfs
mailing list