On 03/12/2018 10:21 AM, Vladimir Sementsov-Ogievskiy wrote:
Add helper to read name in format:

   uint32 len       (<= NBD_MAX_NAME_SIZE)
   len bytes string (not 0-terminated)

The helper would be reused in following patch.

s/would/will/


Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
---

v2: splitted and changed a lot helper from larger patch of v1

'split' (one of those weird English words whose past and present tense are spelled the same way; there is no 'splitted')


  nbd/server.c | 55 ++++++++++++++++++++++++++++++++++++++++++-------------
  1 file changed, 42 insertions(+), 13 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index d163964cf9..085e14afbf 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -273,6 +273,47 @@ static int nbd_opt_read(NBDClient *client, void *buffer, 
size_t size,
      return qio_channel_read_all(client->ioc, buffer, size, errp) < 0 ? -EIO : 
1;
  }
+/* nbd_opt_read_name
+ *
+ * Read string in format:

Read a string in the format:

+ *   uint32_t len     (<= NBD_MAX_NAME_SIZE)
+ *   len bytes string (not 0-terminated)
+ *
+ * @name should be enough to store NBD_MAX_NAME_SIZE+1.
+ * if @length is non-zero, it would be set to read string length.

s/if/If/
s/would/will/
s/read/the actual/

+ *
+ * Return -errno on I/O error, 0 if option was completely handled by
+ * sending a reply about inconsistent lengths, or 1 on success. */
+static int nbd_opt_read_name(NBDClient *client, char *name, uint32_t *length,
+                             Error **errp)
+{

Function looks good.

@@ -455,19 +496,7 @@ static int nbd_negotiate_handle_info(NBDClient *client, 
uint16_t myflags,
          2 bytes: N, number of requests (can be 0)
          N * 2 bytes: N requests
      */
-    rc = nbd_opt_read(client, &namelen, sizeof(namelen), errp);
-    if (rc <= 0) {
-        return rc;
-    }
-    be32_to_cpus(&namelen);
-    if (namelen >= sizeof(name)) {
-        return nbd_opt_invalid(client, errp, "name too long for qemu");
-    }
-    rc = nbd_opt_read(client, name, namelen, errp);
-    if (rc <= 0) {
-        return rc;
-    }
-    name[namelen] = '\0';
+    rc = nbd_opt_read_name(client, name, &namelen, errp);
      trace_nbd_negotiate_handle_export_name_request(name);
rc = nbd_opt_read(client, &requests, sizeof(requests), errp);

Oh, so close. You overwrote rc instead of checking for errors. I'm squashing in the obvious fix, plus the grammar changes, then adding:
Reviewed-by: Eric Blake <ebl...@redhat.com>

diff --git i/nbd/server.c w/nbd/server.c
index 850c6cd2dad..e28526600c4 100644
--- i/nbd/server.c
+++ w/nbd/server.c
@@ -497,6 +497,9 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint16_t myflags,
         N * 2 bytes: N requests
     */
     rc = nbd_opt_read_name(client, name, &namelen, errp);
+    if (rc <= 0) {
+        return rc;
+    }
     trace_nbd_negotiate_handle_export_name_request(name);

     rc = nbd_opt_read(client, &requests, sizeof(requests), errp);


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Reply via email to