Re: [Qemu-devel] [PATCH] 9pfs: check the size of transport buffer before marshaling

Greg, I couldn't find a way to break transport with 9p2000.L. Do you have a reproducer for the latter ? You're right! The problem is related only to 9p2000.u protocol. In this protocol to list a directory folowing chain is used: TOPEN->TREAD. 9p2000.L uses for the same goal

Re: [Qemu-devel] [PATCH] 9pfs: check the size of transport buffer before marshaling

On Thu, 14 Sep 2017 19:31:36 +0300 Jan Dakinevich wrote: > v9fs_do_readdir_with_stat() and v9fs_do_readdir() stores as much data in > the buffer as can fit unless marshaling erorr occurs. However, after > commit 23a006d the behavior pdu_marshal was changed, and on error

[Qemu-devel] [PATCH] 9pfs: check the size of transport buffer before marshaling

v9fs_do_readdir_with_stat() and v9fs_do_readdir() stores as much data in the buffer as can fit unless marshaling erorr occurs. However, after commit 23a006d the behavior pdu_marshal was changed, and on error the routine assumes that buffers are misconfigured and breaks communication.