On 6/9/20 8:17 PM, Eric Blake wrote:
> The following changes since commit 31d321c2b3574dcc74e9f6411af06bca6b5d10f4:
>
> Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sparc-next-20200609' into staging (2020-06-09 17:29:47 +0100)
>
> are available in the Git repository at:
>
> https://repo.or.cz/qemu/ericb.git tags/pull-nbd-2020-06-09
>
> for you to fetch changes up to 2886df0c75c1c5f6aed054c54f4ad48aeee04bfd:
>
> block: Call attention to truncation of long NBD exports (2020-06-09 17:05:50 -0500)
>
> ----------------------------------------------------------------
> NBD patches for 2020-06-09
>
> - fix iotest 194 race
> - fix CVE-2020-10761: server DoS from assertion on long NBD error messages
>
> ----------------------------------------------------------------
> Eric Blake (2):
> nbd/server: Avoid long error message assertions CVE-2020-10761
Vladimir raised a potential thread-safety issue in this patch. As it is
intended to fix a CVE, let's hold off on this pull request, and I'll
send a v2 once I have better review.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org