block/export: fix vhost-user-blk get_config() information leak

Refuse get_config() requests in excess of sizeof(struct virtio_blk_config).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201027173528.213464-5-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
Stefan Hajnoczi 2020-10-27 17:35:20 +00:00 committed by Michael S. Tsirkin
parent 11f60f7eae
commit f8ffcb2bda

View File

@ -266,6 +266,9 @@ vu_blk_get_config(VuDev *vu_dev, uint8_t *config, uint32_t len)
{
VuServer *server = container_of(vu_dev, VuServer, vu_dev);
VuBlkExport *vexp = container_of(server, VuBlkExport, vu_server);
g_return_val_if_fail(len <= sizeof(struct virtio_blk_config), -1);
memcpy(config, &vexp->blkcfg, len);
return 0;
}