From nobody Sun Oct 5 19:22:55 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 15162428685421022.3220996972776; Wed, 17 Jan 2018 18:34:28 -0800 (PST) Received: from localhost ([::1]:53088 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ec021-0002cf-UR for importer@patchew.org; Wed, 17 Jan 2018 21:34:21 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50685) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ebzuo-0005kH-GT for qemu-devel@nongnu.org; Wed, 17 Jan 2018 21:26:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ebzun-0001Gk-56 for qemu-devel@nongnu.org; Wed, 17 Jan 2018 21:26:54 -0500 Received: from mx1.redhat.com ([209.132.183.28]:43484) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ebzug-0001BQ-Sg; Wed, 17 Jan 2018 21:26:47 -0500 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D1BA2C058ECC; Thu, 18 Jan 2018 02:26:40 +0000 (UTC) Received: from red.redhat.com (ovpn-126-198.rdu2.redhat.com [10.10.126.198]) by smtp.corp.redhat.com (Postfix) with ESMTP id DA8EC5C8AF; Thu, 18 Jan 2018 02:26:39 +0000 (UTC) From: Eric Blake To: qemu-devel@nongnu.org Date: Wed, 17 Jan 2018 20:26:24 -0600 Message-Id: <20180118022625.6462-6-eblake@redhat.com> In-Reply-To: <20180118022625.6462-1-eblake@redhat.com> References: <20180118022625.6462-1-eblake@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 18 Jan 2018 02:26:40 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 5/6] nbd/server: Add helper functions for parsing option payload X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paolo Bonzini , "open list:Network Block Dev..." Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Rather than making every callsite perform length sanity checks and error reporting, add the helper functions nbd_opt_read() and nbd_opt_drop() that use the length stored in the client struct; also add an assertion that optlen is 0 before any option (ie. any previous option was fully handled), complementing the assertion added in an earlier patch that optlen is 0 after all negotiation completes. Note that the call in nbd_negotiate_handle_export_name() does not use the new helper (in part because the server cannot reply to NBD_OPT_EXPORT_NAME - it either succeeds or the connection drops). Based on patches by Vladimir Sementsov-Ogievskiy. Signed-off-by: Eric Blake Reviewed-by: Vladimir Sementsov-Ogievskiy Message-Id: <20180110230825.18321-6-eblake@redhat.com> --- nbd/server.c | 122 ++++++++++++++++++++++++++++++-------------------------= ---- 1 file changed, 62 insertions(+), 60 deletions(-) diff --git a/nbd/server.c b/nbd/server.c index 04da1c2f1e1..78b08f58913 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -229,6 +229,40 @@ nbd_negotiate_send_rep_err(NBDClient *client, uint32_t= type, return ret; } +/* Drop remainder of the current option, and send a reply with the + * given error type and message. Return -errno on read or write + * failure; or 0 if connection is still live. */ +static int GCC_FMT_ATTR(4, 5) +nbd_opt_drop(NBDClient *client, uint32_t type, Error **errp, + const char *fmt, ...) +{ + int ret =3D nbd_drop(client->ioc, client->optlen, errp); + va_list va; + + client->optlen =3D 0; + if (!ret) { + va_start(va, fmt); + ret =3D nbd_negotiate_send_rep_verr(client, type, errp, fmt, va); + va_end(va); + } + return ret; +} + +/* Read size bytes from the unparsed payload of the current option. + * Return -errno on I/O error, 0 if option was completely handled by + * sending a reply about inconsistent lengths, or 1 on success. */ +static int nbd_opt_read(NBDClient *client, void *buffer, size_t size, + Error **errp) +{ + if (size > client->optlen) { + return nbd_opt_drop(client, NBD_REP_ERR_INVALID, errp, + "Inconsistent lengths in option %s", + nbd_opt_lookup(client->opt)); + } + client->optlen -=3D size; + return qio_channel_read_all(client->ioc, buffer, size, errp) < 0 ? -EI= O : 1; +} + /* Send a single NBD_REP_SERVER reply to NBD_OPT_LIST, including payload. * Return -errno on error, 0 on success. */ static int nbd_negotiate_send_rep_list(NBDClient *client, NBDExport *exp, @@ -378,14 +412,11 @@ static int nbd_reject_length(NBDClient *client, bool = fatal, Error **errp) int ret; assert(client->optlen); - if (nbd_drop(client->ioc, client->optlen, errp) < 0) { - return -EIO; - } - ret =3D nbd_negotiate_send_rep_err(client, NBD_REP_ERR_INVALID, errp, - "option '%s' should have zero length", - nbd_opt_lookup(client->opt)); + ret =3D nbd_opt_drop(client, NBD_REP_ERR_INVALID, errp, + "option '%s' has unexpected length", + nbd_opt_lookup(client->opt)); if (fatal && !ret) { - error_setg(errp, "option '%s' should have zero length", + error_setg(errp, "option '%s' has unexpected length", nbd_opt_lookup(client->opt)); return -EINVAL; } @@ -408,7 +439,6 @@ static int nbd_negotiate_handle_info(NBDClient *client,= uint16_t myflags, bool blocksize =3D false; uint32_t sizes[3]; char buf[sizeof(uint64_t) + sizeof(uint16_t)]; - const char *msg; /* Client sends: 4 bytes: L, name length (can be 0) @@ -416,48 +446,34 @@ static int nbd_negotiate_handle_info(NBDClient *clien= t, uint16_t myflags, 2 bytes: N, number of requests (can be 0) N * 2 bytes: N requests */ - if (client->optlen < sizeof(namelen) + sizeof(requests)) { - msg =3D "overall request too short"; - goto invalid; - } - if (nbd_read(client->ioc, &namelen, sizeof(namelen), errp) < 0) { - return -EIO; + rc =3D nbd_opt_read(client, &namelen, sizeof(namelen), errp); + if (rc <=3D 0) { + return rc; } be32_to_cpus(&namelen); - client->optlen -=3D sizeof(namelen); - if (namelen > client->optlen - sizeof(requests) || - (client->optlen - namelen) % 2) - { - msg =3D "name length is incorrect"; - goto invalid; - } if (namelen >=3D sizeof(name)) { - msg =3D "name too long for qemu"; - goto invalid; + return nbd_opt_drop(client, NBD_REP_ERR_INVALID, errp, + "name too long for qemu"); } - if (nbd_read(client->ioc, name, namelen, errp) < 0) { - return -EIO; + rc =3D nbd_opt_read(client, name, namelen, errp); + if (rc <=3D 0) { + return rc; } name[namelen] =3D '\0'; - client->optlen -=3D namelen; trace_nbd_negotiate_handle_export_name_request(name); - if (nbd_read(client->ioc, &requests, sizeof(requests), errp) < 0) { - return -EIO; + rc =3D nbd_opt_read(client, &requests, sizeof(requests), errp); + if (rc <=3D 0) { + return rc; } be16_to_cpus(&requests); - client->optlen -=3D sizeof(requests); trace_nbd_negotiate_handle_info_requests(requests); - if (requests !=3D client->optlen / sizeof(request)) { - msg =3D "incorrect number of requests for overall length"; - goto invalid; - } while (requests--) { - if (nbd_read(client->ioc, &request, sizeof(request), errp) < 0) { - return -EIO; + rc =3D nbd_opt_read(client, &request, sizeof(request), errp); + if (rc <=3D 0) { + return rc; } be16_to_cpus(&request); - client->optlen -=3D sizeof(request); trace_nbd_negotiate_handle_info_request(request, nbd_info_lookup(request)); /* We care about NBD_INFO_NAME and NBD_INFO_BLOCK_SIZE; @@ -472,7 +488,9 @@ static int nbd_negotiate_handle_info(NBDClient *client,= uint16_t myflags, break; } } - assert(client->optlen =3D=3D 0); + if (client->optlen) { + return nbd_reject_length(client, false, errp); + } exp =3D nbd_export_find(name); if (!exp) { @@ -560,13 +578,6 @@ static int nbd_negotiate_handle_info(NBDClient *client= , uint16_t myflags, rc =3D 1; } return rc; - - invalid: - if (nbd_drop(client->ioc, client->optlen, errp) < 0) { - return -EIO; - } - return nbd_negotiate_send_rep_err(client, NBD_REP_ERR_INVALID, - errp, "%s", msg); } @@ -696,6 +707,7 @@ static int nbd_negotiate_options(NBDClient *client, uin= t16_t myflags, return -EINVAL; } length =3D be32_to_cpu(length); + assert(!client->optlen); client->optlen =3D length; if (length > NBD_MAX_BUFFER_SIZE) { @@ -736,14 +748,9 @@ static int nbd_negotiate_options(NBDClient *client, ui= nt16_t myflags, return -EINVAL; default: - if (nbd_drop(client->ioc, length, errp) < 0) { - return -EIO; - } - ret =3D nbd_negotiate_send_rep_err(client, - NBD_REP_ERR_TLS_REQD, err= p, - "Option 0x%" PRIx32 - "not permitted before TLS= ", - option); + ret =3D nbd_opt_drop(client, NBD_REP_ERR_TLS_REQD, errp, + "Option 0x%" PRIx32 + "not permitted before TLS", option); /* Let the client keep trying, unless they asked to * quit. In this mode, we've already sent an error, so * we can't ack the abort. */ @@ -812,14 +819,9 @@ static int nbd_negotiate_options(NBDClient *client, ui= nt16_t myflags, break; default: - if (nbd_drop(client->ioc, length, errp) < 0) { - return -EIO; - } - ret =3D nbd_negotiate_send_rep_err(client, - NBD_REP_ERR_UNSUP, errp, - "Unsupported option 0x%" - PRIx32 " (%s)", option, - nbd_opt_lookup(option)); + ret =3D nbd_opt_drop(client, NBD_REP_ERR_UNSUP, errp, + "Unsupported option 0x%" PRIx32 " (%s)", + option, nbd_opt_lookup(option)); break; } } else { --=20 2.14.3