xapi-project / nbd

Ocaml NBD library
https://xapi-project.github.io/nbd/

Server's responses to NBD_OPT_LIST have incorrect length field #128

Closed gaborigloi closed 6 years ago

gaborigloi commented 6 years ago

I've found this issue by trying to connect from qemu (I've specified a list of offers in the CLI code); listing the exports with nbd-client doesn't work either:

```
~/src $ qemu-img convert nbd:0.0.0.0:10809:exportname=test -O qcow2 /tmp/out
qemu-img: Could not open 'nbd:0.0.0.0:10809:exportname=test': incorrect option name length
~/src $ nbd-client -l localhost
Negotiation: ..

E: export name on server too long
~/src $ nbd-client -l 0.0.0.0
Negotiation: ..

E: export name on server too long
```

The TCP stream:

```
    00000000  4e 42 44 4d 41 47 49 43  49 48 41 56 45 4f 50 54 NBDMAGIC IHAVEOPT
    00000010  00 01                                            ..
00000000  00 00 00 01                                      ....
00000004  49 48 41 56 45 4f 50 54  00 00 00 08 00 00 00 00 IHAVEOPT ........
    00000012  00 03 e8 89 04 55 65 a9  00 00 00 08 80 00 00 01 .....Ue. ........
    00000022  00 00 00 00                                      ....
00000014  49 48 41 56 45 4f 50 54  00 00 00 07 00 00 00 0c IHAVEOPT ........
00000024  00 00 00 04 74 65 73 74  00 01 00 03             ....test ....
    00000026  00 03 e8 89 04 55 65 a9  00 00 00 07 80 00 00 01 .....Ue. ........
    00000036  00 00 00 00                                      ....
00000030  49 48 41 56 45 4f 50 54  00 00 00 03 00 00 00 00 IHAVEOPT ........
    0000003A  00 03 e8 89 04 55 65 a9  00 00 00 03 00 00 00 02 .....Ue. ........
    0000004A  00 00 00 04                                      ....
    0000004E  74 65 73 74 00 03 e8 89  04 55 65 a9 00 00 00 03 test.... .Ue.....
    0000005E  00 00 00 01 00 00 00 00                          ........
00000040  49 48 41 56 45 4f 50 54  00 00 00 02 00 00 00 00 IHAVEOPT ........
```

The commands are:

- NBD_OPT_STRUCTURED_REPLY →
- ← NBD_REP_ERR_UNSUP
- NBD_OPT_GO →
- ← NBD_REP_ERR_UNSUP
- NBD_OPT_LIST →
- ← response with invalid `length=4` field - response data is longer than 4 bytes
- NBD_OPT_ABORT →
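
An added example, not part of the original issue or of the xapi-project/nbd code: a Python check that replays the server-to-client bytes from the capture above through the NBD option-reply framing (magic, option, reply type, length, payload) and validates each NBD_REP_SERVER payload, which the NBD protocol defines as a 32-bit name length followed by the name. The function names are hypothetical, and `CAPTURED` is transcribed from the dump's server lines after the initial handshake.

```python
import struct

REPLY_MAGIC = 0x3E889045565A9            # option-reply magic, as seen in the dump
NBD_REP_SERVER = 2                       # reply type carrying one export name
HEADER = struct.Struct(">QIII")          # magic, option, reply type, length

# Server-to-client bytes transcribed from the capture, after the handshake.
CAPTURED = bytes.fromhex(
    "0003e889045565a9" "00000008" "80000001" "00000000"   # STRUCTURED_REPLY: ERR_UNSUP
    "0003e889045565a9" "00000007" "80000001" "00000000"   # GO: ERR_UNSUP
    "0003e889045565a9" "00000003" "00000002" "00000004" "74657374"  # LIST reply
    "0003e889045565a9" "00000003" "00000001" "00000000"   # LIST: final ACK
)

def parse_replies(stream):
    """Split a server byte stream into (option, reply_type, payload) tuples."""
    replies, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < HEADER.size:
            raise ValueError(f"truncated reply header at offset {pos}")
        magic, option, rtype, length = HEADER.unpack_from(stream, pos)
        if magic != REPLY_MAGIC:
            raise ValueError(f"bad reply magic at offset {pos}")
        pos += HEADER.size
        if len(stream) - pos < length:
            raise ValueError(f"truncated payload at offset {pos}")
        replies.append((option, rtype, stream[pos:pos + length]))
        pos += length
    return replies

def check_rep_server(payload):
    """Return (name, None) for a valid NBD_REP_SERVER payload, else (None, why)."""
    if len(payload) < 4:
        return None, "payload too short for the 32-bit name length"
    (name_len,) = struct.unpack_from(">I", payload)
    if name_len > len(payload) - 4:
        return None, f"name length {name_len} exceeds {len(payload) - 4} bytes left"
    return payload[4:4 + name_len].decode("utf-8", "replace"), None

def build_rep_server(option, name):
    """Encode a well-formed NBD_REP_SERVER reply for comparison."""
    data = struct.pack(">I", len(name)) + name
    return HEADER.pack(REPLY_MAGIC, option, NBD_REP_SERVER, len(data)) + data

if __name__ == "__main__":
    for option, rtype, payload in parse_replies(CAPTURED):
        verdict = check_rep_server(payload) if rtype == NBD_REP_SERVER else ""
        print(f"option={option} type={rtype:#x} len={len(payload)} {verdict}")
```

With the captured bytes the LIST reply's payload is just `test`, so a client that follows that layout reads those four bytes as the name length; the well-formed encoding from `build_rep_server` carries `length=8`.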