mirror of https://gitee.com/openkylin/qemu.git
nbd-server: do not check request length except for reads and writes
Only reads and writes need to allocate memory correspondent to the request length. Other requests can be sent to the storage without allocating any memory, and thus any request length is acceptable. Reported-by: Sitsofe Wheeler <sitsofe@yahoo.com> Cc: qemu-block@nongnu.org Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
parent
1a6245a5b0
commit
eb38c3b670
14
nbd/server.c
14
nbd/server.c
|
@ -818,13 +818,6 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque
|
|||
goto out;
|
||||
}
|
||||
|
||||
if (request->len > NBD_MAX_BUFFER_SIZE) {
|
||||
LOG("len (%u) is larger than max len (%u)",
|
||||
request->len, NBD_MAX_BUFFER_SIZE);
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((request->from + request->len) < request->from) {
|
||||
LOG("integer overflow detected! "
|
||||
"you're probably being attacked");
|
||||
|
@ -836,6 +829,13 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque
|
|||
|
||||
command = request->type & NBD_CMD_MASK_COMMAND;
|
||||
if (command == NBD_CMD_READ || command == NBD_CMD_WRITE) {
|
||||
if (request->len > NBD_MAX_BUFFER_SIZE) {
|
||||
LOG("len (%u) is larger than max len (%u)",
|
||||
request->len, NBD_MAX_BUFFER_SIZE);
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
req->data = blk_blockalign(client->exp->blk, request->len);
|
||||
}
|
||||
if (command == NBD_CMD_WRITE) {
|
||||
|
|
Loading…
Reference in New Issue