On 6/9/20 8:17 PM, Eric Blake wrote:
The following changes since commit 31d321c2b3574dcc74e9f6411af06bca6b5d10f4:
Merge remote-tracking branch
'remotes/philmd-gitlab/tags/sparc-next-20200609' into staging (2020-06-09
17:29:47 +0100)
are available in the Git repository at:
https://repo.or.cz/qemu/ericb.git tags/pull-nbd-2020-06-09
for you to fetch changes up to 2886df0c75c1c5f6aed054c54f4ad48aeee04bfd:
block: Call attention to truncation of long NBD exports (2020-06-09 17:05:50
-0500)
----------------------------------------------------------------
NBD patches for 2020-06-09
- fix iotest 194 race
- fix CVE-2020-10761: server DoS from assertion on long NBD error messages
----------------------------------------------------------------
Eric Blake (2):
nbd/server: Avoid long error message assertions CVE-2020-10761
Vladimir raised a potential thread-safety issue in this patch. As it is
intended to fix a CVE, let's hold off on this pull request, and I'll
send a v2 once I have better review.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
