Re: [Qemu-devel] [PATCH 11/17] block/nbd-client: fix nbd_co_request: set s->reply.handle to 0 on error
07.08.2017 14:55, Eric Blake wrote:
> On 08/04/2017 10:14 AM, Vladimir Sementsov-Ogievskiy wrote:
>> We set s->reply.handle to 0 on one error path and don't set on another.
>> For consistency and to avoid assert in nbd_read_reply_entry let's
>> set s->reply.handle to 0 in case of wrong handle too.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy
>> ---
>> block/nbd-client.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> Can this assertion be triggered now (presumably, with a broken server)?
> I'm trying to figure out if this is 2.10 material.
>
> [Urgh. If a broken server is able to cause an assertion failure that causes a client to abort on an assertion failure, that probably deserves a CVE]

Hmm, looks like I was mistaken: if handle is wrong then read_reply_co should be already finished, so it's impossible.

--
Best regards,
Vladimir

Re: [Qemu-devel] [PATCH 11/17] block/nbd-client: fix nbd_co_request: set s->reply.handle to 0 on error
On 08/04/2017 10:14 AM, Vladimir Sementsov-Ogievskiy wrote:
> We set s->reply.handle to 0 on one error path and don't set on another.
> For consistency and to avoid assert in nbd_read_reply_entry let's
> set s->reply.handle to 0 in case of wrong handle too.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy
> ---
> block/nbd-client.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)

Can this assertion be triggered now (presumably, with a broken server)?
I'm trying to figure out if this is 2.10 material.

[Urgh. If a broken server is able to cause an assertion failure that causes a client to abort on an assertion failure, that probably deserves a CVE]

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org