diff options
Diffstat (limited to 'nbd')
-rw-r--r-- | nbd/server.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/nbd/server.c b/nbd/server.c index 8752885509..c41af0debe 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -818,13 +818,6 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque goto out; } - if (request->len > NBD_MAX_BUFFER_SIZE) { - LOG("len (%u) is larger than max len (%u)", - request->len, NBD_MAX_BUFFER_SIZE); - rc = -EINVAL; - goto out; - } - if ((request->from + request->len) < request->from) { LOG("integer overflow detected! " "you're probably being attacked"); @@ -836,6 +829,13 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque command = request->type & NBD_CMD_MASK_COMMAND; if (command == NBD_CMD_READ || command == NBD_CMD_WRITE) { + if (request->len > NBD_MAX_BUFFER_SIZE) { + LOG("len (%u) is larger than max len (%u)", + request->len, NBD_MAX_BUFFER_SIZE); + rc = -EINVAL; + goto out; + } + req->data = blk_blockalign(client->exp->blk, request->len); } if (command == NBD_CMD_WRITE) { |