From: Eric Blake <eblake@redhat.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
qemu-block@nongnu.org, qemu-devel@nongnu.org
Cc: kwolf@redhat.com, famz@redhat.com, den@virtuozzo.com,
qemu-stable <qemu-stable@nongnu.org>,
armbru@redhat.com, mreitz@redhat.com, stefanha@redhat.com,
pbonzini@redhat.com, jsnow@redhat.com
Subject: Re: [Qemu-devel] [PATCH 05/18] nbd/client: fix drop_sync
Date: Wed, 15 Feb 2017 08:50:05 -0600 [thread overview]
Message-ID: <6158196a-7bf4-d9e1-b66e-9cf8e734f159@redhat.com> (raw)
In-Reply-To: <e69c4f0f-ca4f-f3fd-18e4-3db9adb94021@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1401 bytes --]
On 02/06/2017 05:17 PM, Eric Blake wrote:
> On 02/03/2017 09:47 AM, Vladimir Sementsov-Ogievskiy wrote:
>> Comparison symbol is misused. It may lead to memory corruption.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>> ---
>> nbd/client.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Adding qemu-stable; this needs to be back-ported, and can be applied
> independently from your series.
>
> Reviewed-by: Eric Blake <eblake@redhat.com>
For the record, this is now assigned CVE-2017-2630. My apologies for
introducing the bug in the first place (commit 7d3123e). The maintainer
may want to touch up the commit message to give those further details,
since it is security-related.
>
>>
>> diff --git a/nbd/client.c b/nbd/client.c
>> index 6caf6bda6d..351731bc63 100644
>> --- a/nbd/client.c
>> +++ b/nbd/client.c
>> @@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
>> char small[1024];
>> char *buffer;
>>
>> - buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
>> + buffer = sizeof(small) > size ? small : g_malloc(MIN(65536, size));
>> while (size > 0) {
>> ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
>>
>>
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
next prev parent reply other threads:[~2017-02-15 14:50 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-03 15:47 [Qemu-devel] [PATCH 00/18] nbd: BLOCK_STATUS Vladimir Sementsov-Ogievskiy
2017-02-03 15:47 ` [Qemu-devel] [PATCH 01/18] nbd: rename NBD_REPLY_MAGIC to NBD_SIMPLE_REPLY_MAGIC Vladimir Sementsov-Ogievskiy
2017-02-06 19:54 ` Eric Blake
2017-02-03 15:47 ` [Qemu-devel] [PATCH 02/18] nbd-server: refactor simple reply sending Vladimir Sementsov-Ogievskiy
2017-02-06 21:09 ` Eric Blake
2017-02-03 15:47 ` [Qemu-devel] [PATCH 03/18] nbd: Minimal structured read for server Vladimir Sementsov-Ogievskiy
2017-02-06 23:01 ` Eric Blake
2017-02-07 17:44 ` Paolo Bonzini
2017-05-04 10:58 ` Vladimir Sementsov-Ogievskiy
2017-05-04 13:28 ` Eric Blake
2017-05-05 11:30 ` Vladimir Sementsov-Ogievskiy
2017-02-03 15:47 ` [Qemu-devel] [PATCH 04/18] nbd/client: refactor nbd_receive_starttls Vladimir Sementsov-Ogievskiy
2017-02-07 16:32 ` Eric Blake
2017-02-09 6:20 ` Vladimir Sementsov-Ogievskiy
2017-02-09 14:41 ` Eric Blake
2017-02-10 11:23 ` Vladimir Sementsov-Ogievskiy
2017-02-11 19:30 ` Eric Blake
2017-02-20 16:14 ` Eric Blake
2017-02-03 15:47 ` [Qemu-devel] [PATCH 05/18] nbd/client: fix drop_sync Vladimir Sementsov-Ogievskiy
2017-02-06 23:17 ` Eric Blake
2017-02-15 14:50 ` Eric Blake [this message]
2017-02-03 15:47 ` [Qemu-devel] [PATCH 06/18] nbd/client: refactor drop_sync Vladimir Sementsov-Ogievskiy
2017-02-06 23:19 ` Eric Blake
2017-02-08 7:55 ` Vladimir Sementsov-Ogievskiy
2017-02-15 16:52 ` Paolo Bonzini
2017-02-03 15:47 ` [Qemu-devel] [PATCH 07/18] nbd: Minimal structured read for client Vladimir Sementsov-Ogievskiy
2017-02-07 20:14 ` Eric Blake
2017-02-15 16:54 ` Paolo Bonzini
2017-08-01 15:41 ` Vladimir Sementsov-Ogievskiy
2017-08-01 15:56 ` Vladimir Sementsov-Ogievskiy
2017-02-03 15:47 ` [Qemu-devel] [PATCH 08/18] hbitmap: add next_zero function Vladimir Sementsov-Ogievskiy
2017-02-07 22:55 ` Eric Blake
2017-02-15 16:57 ` Paolo Bonzini
2017-02-03 15:47 ` [Qemu-devel] [PATCH 09/18] block/dirty-bitmap: add bdrv_dirty_bitmap_next() Vladimir Sementsov-Ogievskiy
2017-02-03 15:47 ` [Qemu-devel] [PATCH 10/18] block/dirty-bitmap: add bdrv_load_dirty_bitmap Vladimir Sementsov-Ogievskiy
2017-02-08 11:45 ` Fam Zheng
2017-02-16 12:37 ` Denis V. Lunev
2017-02-03 15:47 ` [Qemu-devel] [PATCH 11/18] nbd: BLOCK_STATUS for bitmap export: server part Vladimir Sementsov-Ogievskiy
2017-02-08 13:13 ` Eric Blake
2017-02-16 13:00 ` Denis V. Lunev
2017-02-03 15:47 ` [Qemu-devel] [PATCH 12/18] nbd: BLOCK_STATUS for bitmap export: client part Vladimir Sementsov-Ogievskiy
2017-02-08 23:06 ` Eric Blake
2017-02-03 15:47 ` [Qemu-devel] [PATCH 13/18] nbd: add nbd_dirty_bitmap_load Vladimir Sementsov-Ogievskiy
2017-02-03 15:47 ` [Qemu-devel] [PATCH 14/18] qmp: add x-debug-block-dirty-bitmap-sha256 Vladimir Sementsov-Ogievskiy
2017-02-03 15:47 ` [Qemu-devel] [PATCH 15/18] qmp: add block-dirty-bitmap-load Vladimir Sementsov-Ogievskiy
2017-02-07 12:04 ` Fam Zheng
2017-02-09 15:18 ` Eric Blake
2017-02-15 16:57 ` Paolo Bonzini
2017-02-03 15:47 ` [Qemu-devel] [PATCH 16/18] iotests: add test for nbd dirty bitmap export Vladimir Sementsov-Ogievskiy
2017-02-03 15:47 ` [Qemu-devel] [PATCH 17/18] nbd: BLOCK_STATUS for standard get_block_status function: server part Vladimir Sementsov-Ogievskiy
2017-02-09 15:38 ` Eric Blake
2017-02-15 17:02 ` Paolo Bonzini
2017-02-15 17:02 ` Paolo Bonzini
2017-02-03 15:47 ` [Qemu-devel] [PATCH 18/18] nbd: BLOCK_STATUS for standard get_block_status function: client part Vladimir Sementsov-Ogievskiy
2017-02-09 16:00 ` Eric Blake
2017-02-15 17:04 ` Paolo Bonzini
2017-02-15 17:05 ` [Qemu-devel] [PATCH 00/18] nbd: BLOCK_STATUS Paolo Bonzini
2017-07-13 11:10 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6158196a-7bf4-d9e1-b66e-9cf8e734f159@redhat.com \
--to=eblake@redhat.com \
--cc=armbru@redhat.com \
--cc=den@virtuozzo.com \
--cc=famz@redhat.com \
--cc=jsnow@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=stefanha@redhat.com \
--cc=vsementsov@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.