diff options
author | Eric Blake <eblake@redhat.com> | 2016-05-11 16:39:44 -0600 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2016-06-16 18:39:05 +0200 |
commit | 943cec86d0864464ab29b42940c49d1ccbe8d268 (patch) | |
tree | 0edf2c73a1c3f3fee5a7f43cad329e5436618dcb /nbd | |
parent | f3c32fce3688fe1f13ceb0777faa1fc19d66d1fc (diff) | |
download | qemu-943cec86d0864464ab29b42940c49d1ccbe8d268.tar.gz qemu-943cec86d0864464ab29b42940c49d1ccbe8d268.tar.bz2 qemu-943cec86d0864464ab29b42940c49d1ccbe8d268.zip |
nbd: Avoid magic number for NBD max name size
Declare a constant and use that when determining if an export
name fits within the constraints we are willing to support.
Note that upstream NBD recently documented that clients MUST
support export names of 256 bytes (not including trailing NUL),
and SHOULD support names up to 4096 bytes. 4096 is a bit big
(we would lose benefits of stack-allocation of a name array),
and we already have other limits in place (for example, qcow2
snapshot names are clamped around 1024). So for now, just
stick to the required minimum, as that's easier to audit than
a full-scale support for larger names.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1463006384-7734-12-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'nbd')
-rw-r--r-- | nbd/client.c | 2 | ||||
-rw-r--r-- | nbd/server.c | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/nbd/client.c b/nbd/client.c index e8bf9fb540..287487c6c2 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -210,7 +210,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) error_setg(errp, "incorrect option name length"); return -1; } - if (namelen > 255) { + if (namelen > NBD_MAX_NAME_SIZE) { error_setg(errp, "export name length too long %" PRIu32, namelen); return -1; } diff --git a/nbd/server.c b/nbd/server.c index 41067a4bf8..a677e266ff 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -286,13 +286,13 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length) static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length) { int rc = -EINVAL; - char name[256]; + char name[NBD_MAX_NAME_SIZE + 1]; /* Client sends: [20 .. xx] export name (length bytes) */ TRACE("Checking length"); - if (length > 255) { + if (length >= sizeof(name)) { LOG("Bad length received"); goto fail; } |