Patch 1 is a revised version after Maxim's comments - it moves the length checks earlier into the system (for cleaner error messages as soon as possible) and adds asserts at the later points that are now guaranteed by the earlier checks. It also covers more string handling, both in the client and in the server, by ensuring that outgoing strings are properly constrained and incoming strings are checked for validity before blind use.
Patch 2 is a new patch, written to make testing of description strings in patch 1 easier. Eric Blake (2): nbd: Don't send oversize strings nbd: Allow description when creating NBD blockdev qapi/block.json | 8 +++++--- include/block/nbd.h | 1 + block/nbd.c | 9 +++++++++ blockdev-nbd.c | 14 +++++++++++++- monitor/hmp-cmds.c | 4 ++-- nbd/client.c | 16 +++++++++++++--- nbd/server.c | 14 ++++++++++++-- qemu-nbd.c | 9 +++++++++ tests/qemu-iotests/223 | 2 +- tests/qemu-iotests/223.out | 1 + 10 files changed, 66 insertions(+), 12 deletions(-) -- 2.21.0