Any client attempting to probe support for a new option, such as NBD_OPT_STARTTLS or NBD_OPT_GO, with plans to do a graceful fallback to older methods, will fail in its attempt if the server does not consume the length field and potential payload of the unrecognized (or rejected) option, because the server will then be reading out of sync and not see the client's magic for the next option. This bug has been latent in the reference server since commit 626c2a3 in 2012, even though it is EXACTLY the bug that NBD_FLAG_FIXED_NEWSTYLE was designed to prevent.
The only reason it has been buggy for so long is that it has taken us this long to finally want to implement clients that use a new option. This patch fixes only the portion of the server that has been previously released, to make backports easier. The new code for handling TLS also needs fixing, in the next patch. Signed-off-by: Eric Blake <ebl...@redhat.com> --- nbd-server.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/nbd-server.c b/nbd-server.c index c93a9d8..4b0692d 100644 --- a/nbd-server.c +++ b/nbd-server.c @@ -373,6 +373,21 @@ static inline void consume(CLIENT* c, size_t len, void * buf, size_t bufsiz) { } } +/** + * Consume a length field and corresponding payload that we don't want + * + * @param c the client to read from + **/ +static inline void consume_len(CLIENT* c) { + uint32_t len; + char buf[1024]; + + socket_read(c, &len, sizeof(len)); + len = ntohl(len); + consume(c, len, buf, sizeof(buf)); +} + + static void socket_write(CLIENT* client, void *buf, size_t len) { g_assert(client->socket_write != NULL); client->socket_write(client, buf, len); @@ -1525,6 +1540,7 @@ CLIENT* negotiate(int net, GArray* servers, const gchar* tlsdir) { goto hard_close; } default: + consume_len(client); send_reply(client, opt, NBD_REP_ERR_UNSUP, -1, "The given option is unknown to this server implementation"); break; } -- 2.7.4 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Nbd-general mailing list Nbd-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nbd-general