1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 Date: Wed, 29 Nov 2017 09:39:55 +0100
4 Subject: [PATCH] nbd/server: CVE-2017-15119 Reject options larger than 32M
6 Backported-from: fdad35ef6c58
8 nbd/server.c | 6 ++++++
9 1 file changed, 6 insertions(+)
11 diff --git a/nbd/server.c b/nbd/server.c
12 index a98bb21a0a..4d6da8ac06 100644
15 @@ -489,6 +489,12 @@ static int nbd_negotiate_options(NBDClient *client)
17 length = be32_to_cpu(length);
19 + if (length > NBD_MAX_BUFFER_SIZE) {
20 + LOG("len (%" PRIu32" ) is larger than max len (%u)",
21 + length, NBD_MAX_BUFFER_SIZE);
25 TRACE("Checking option 0x%" PRIx32, clientflags);
26 if (client->tlscreds &&
27 client->ioc == (QIOChannel *)client->sioc) {