nvmf: verify that Connect NQNs are null terminated

The spec requires that NQNs are null terminated and at most 223 bytes
long, despite the Connect command fields being larger (256 bytes), so
add checks for both subsystem NQN and host NQN before using them as null
terminated strings.

Change-Id: I343d9e44a09ab4d0f6654feba460b31e976c4e56
Signed-off-by: Daniel Verkamp <daniel.verkamp@intel.com>
Daniel Verkamp 2016-08-16 11:14:05 -07:00
parent dcf49aa018
commit 975362d236

@ -184,6 +184,7 @@ nvmf_process_connect(struct spdk_nvmf_request *req)
struct spdk_nvmf_fabric_connect_data *data = (struct spdk_nvmf_fabric_connect_data *)
req->data;
struct spdk_nvmf_fabric_connect_rsp *rsp = &req->rsp->connect_rsp;
void *end;
#define INVALID_CONNECT_DATA(field) invalid_connect_response(rsp, 1, offsetof(struct spdk_nvmf_fabric_connect_data, field))
@ -193,6 +194,20 @@ nvmf_process_connect(struct spdk_nvmf_request *req)
return SPDK_NVMF_REQUEST_EXEC_STATUS_COMPLETE;
}
/* Ensure that subnqn and hostnqn are null terminated */
end = memchr(data->subnqn, '\0', SPDK_NVMF_NQN_MAX_LEN);
if (!end) {
SPDK_ERRLOG("Connect SUBNQN is not null terminated\n");
INVALID_CONNECT_DATA(subnqn);
return SPDK_NVMF_REQUEST_EXEC_STATUS_COMPLETE;
}
end = memchr(data->hostnqn, '\0', SPDK_NVMF_NQN_MAX_LEN);
if (!end) {
SPDK_ERRLOG("Connect HOSTNQN is not null terminated\n");
INVALID_CONNECT_DATA(hostnqn);
return SPDK_NVMF_REQUEST_EXEC_STATUS_COMPLETE;
}
/* Look up the requested subsystem */
subsystem = nvmf_find_subsystem(data->subnqn, data->hostnqn);
if (subsystem == NULL) {
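Review bot: Both added `memchr` calls scan exactly `SPDK_NVMF_NQN_MAX_LEN` bytes, so whether a maximum-length NQN is accepted depends on whether that constant counts the terminating NUL, and its definition is not visible on this page. If it is the 223-byte limit from the commit message and excludes the terminator, an NQN of exactly 223 bytes with its NUL at offset 223 would be rejected as unterminated; the bound would then need to be `memchr(data->subnqn, '\0', SPDK_NVMF_NQN_MAX_LEN + 1)` (and the same for `hostnqn`), which still stays inside the 256-byte field. A one-line comment next to the checks stating which convention the constant follows would make the bound auditable. These reads also assume that the early return just above the added lines has already confirmed that `req->data` holds a complete connect data structure; that check is outside the hunk and worth confirming. nvmf_process_connect starts and ends outside the hunks shown.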