]>
Commit | Line | Data |
---|---|---|
3dcc8d3b | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
c53dfb57 WB |
2 | From: Wolfgang Bumiller <w.bumiller@proxmox.com> |
3 | Date: Wed, 29 Nov 2017 09:39:55 +0100 | |
3dcc8d3b | 4 | Subject: [PATCH] nbd/server: CVE-2017-15119 Reject options larger than 32M |
c53dfb57 WB |
5 | |
6 | Backported-from: fdad35ef6c58 | |
7 | --- | |
8 | nbd/server.c | 6 ++++++ | |
9 | 1 file changed, 6 insertions(+) | |
10 | ||
11 | diff --git a/nbd/server.c b/nbd/server.c | |
12 | index a98bb21a0a..4d6da8ac06 100644 | |
13 | --- a/nbd/server.c | |
14 | +++ b/nbd/server.c | |
15 | @@ -489,6 +489,12 @@ static int nbd_negotiate_options(NBDClient *client) | |
16 | } | |
17 | length = be32_to_cpu(length); | |
18 | ||
19 | + if (length > NBD_MAX_BUFFER_SIZE) { | |
20 | + LOG("len (%" PRIu32" ) is larger than max len (%u)", | |
21 | + length, NBD_MAX_BUFFER_SIZE); | |
22 | + return -EINVAL; | |
23 | + } | |
24 | + | |
25 | TRACE("Checking option 0x%" PRIx32, clientflags); | |
26 | if (client->tlscreds && | |
27 | client->ioc == (QIOChannel *)client->sioc) { | |
28 | -- | |
29 | 2.11.0 | |
30 |