31 lines
929 B
Diff
31 lines
929 B
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
|
Date: Wed, 29 Nov 2017 09:39:55 +0100
|
|
Subject: [PATCH] nbd/server: CVE-2017-15119 Reject options larger than 32M
|
|
|
|
Backported-from: fdad35ef6c58
|
|
---
|
|
nbd/server.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/nbd/server.c b/nbd/server.c
|
|
index a98bb21a0a..4d6da8ac06 100644
|
|
--- a/nbd/server.c
|
|
+++ b/nbd/server.c
|
|
@@ -489,6 +489,12 @@ static int nbd_negotiate_options(NBDClient *client)
|
|
}
|
|
length = be32_to_cpu(length);
|
|
|
|
+ if (length > NBD_MAX_BUFFER_SIZE) {
|
|
+ LOG("len (%" PRIu32" ) is larger than max len (%u)",
|
|
+ length, NBD_MAX_BUFFER_SIZE);
|
|
+ return -EINVAL;
|
|
+ }
|
|
+
|
|
TRACE("Checking option 0x%" PRIx32, clientflags);
|
|
if (client->tlscreds &&
|
|
client->ioc == (QIOChannel *)client->sioc) {
|
|
--
|
|
2.11.0
|
|
|