summary refs log tree commit diff stats
path: root/block.c
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2020-06-11 21:19:29 +0100
committerPeter Maydell <peter.maydell@linaro.org>2020-06-11 21:19:29 +0100
commit9f1f264edbdf5516d6f208497310b3eedbc7b74c (patch)
tree5892cd43f713104a3d43ea17b6322abce0505d39 /block.c
parent77c9e078b4da58b5fcdeaefec03f68407d8bb53a (diff)
parent5c86bdf1208916ece0b87e1151c9b48ee54faa3e (diff)
downloadfocaccia-qemu-9f1f264edbdf5516d6f208497310b3eedbc7b74c.tar.gz
focaccia-qemu-9f1f264edbdf5516d6f208497310b3eedbc7b74c.zip
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-06-09-v2' into staging
NBD patches for 2020-06-09

- fix iotest 194 race
- fix CVE-2020-10761: server DoS from assertion on long NBD error messages

# gpg: Signature made Wed 10 Jun 2020 18:59:19 BST
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2020-06-09-v2:
  block: Call attention to truncation of long NBD exports
  nbd/server: Avoid long error message assertions CVE-2020-10761
  iotests: 194: wait for migration completion on target too

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'block.c')
-rw-r--r--block.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/block.c b/block.c
index 8416376c9b..6dbcb7e083 100644
--- a/block.c
+++ b/block.c
@@ -6809,8 +6809,11 @@ void bdrv_refresh_filename(BlockDriverState *bs)
         pstrcpy(bs->filename, sizeof(bs->filename), bs->exact_filename);
     } else {
         QString *json = qobject_to_json(QOBJECT(bs->full_open_options));
-        snprintf(bs->filename, sizeof(bs->filename), "json:%s",
-                 qstring_get_str(json));
+        if (snprintf(bs->filename, sizeof(bs->filename), "json:%s",
+                     qstring_get_str(json)) >= sizeof(bs->filename)) {
+            /* Give user a hint if we truncated things. */
+            strcpy(bs->filename + sizeof(bs->filename) - 4, "...");
+        }
         qobject_unref(json);
     }
 }