The NBD protocol states that servers may still choose to honor various NBD_OPT_* from a client that did not reply with NBD_FLAG_C_FIXED_NEWSTYLE; however, for integration testing purposes, it's a lot nicer if we reject everything except NBD_OPT_EXPORT_NAME from such a client (for example, with this in place, we might have spotted the bug fixed in commit e03b34d6 a bit sooner). Thus, a client that does not claim to understand fixed newstyle can now no longer trigger TLS, structured replies, meta contexts, or the nicer handling of NBD_OPT_GO. All well-known clients listed in nbdkit-protocol.pod default to requesting fixed newstyle, so this shouldn't affect normal usage.
Signed-off-by: Eric Blake <ebl...@redhat.com> --- server/protocol-handshake-newstyle.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c index 9ddc3198..486d416f 100644 --- a/server/protocol-handshake-newstyle.c +++ b/server/protocol-handshake-newstyle.c @@ -259,6 +259,16 @@ negotiate_handshake_newstyle_options (struct connection *conn) option = be32toh (new_option.option); optname = name_of_nbd_opt (option); + /* If the client lacks fixed newstyle support, it should only send + * NBD_OPT_EXPORT_NAME. + */ + if (!(conn->cflags & NBD_FLAG_FIXED_NEWSTYLE) && + option != NBD_OPT_EXPORT_NAME) { + if (send_newstyle_option_reply (conn, option, NBD_REP_ERR_INVALID)) + return -1; + continue; + } + /* In --tls=require / FORCEDTLS mode the only options allowed * before TLS negotiation are NBD_OPT_ABORT and NBD_OPT_STARTTLS. */ -- 2.21.0 _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://www.redhat.com/mailman/listinfo/libguestfs