On Fri, Feb 04, 2022 at 08:44:00AM -0600, Eric Blake wrote:
On Fri, Feb 04, 2022 at 10:09:26AM +0100, Laszlo Ersek wrote:
> On 02/03/22 21:25, Eric Blake wrote:
> > nbdcopy has a nasty bug when performing multi-threaded copies using
> > asynchronous nbd calls - it was blindly treating the completion of an
> > asynchronous command as successful, rather than checking the *error
> > parameter. This can result in the silent creation of a corrupted
> > image in two different ways: when a read fails, we blindly wrote
> > garbage to the destination; when a write fails, we did not flag that
> > the destination was not written.
> >
> > + /* XXX - is it worth retrying a failed command? */
> > + if (*error) {
> > + fprintf (stderr, "read at offset 0x%" PRIx64 "failed:
%s\n",
>
> Like Nir said, it should be '" failed..."'. (I'm neutral on
PRIx64 vs.
> PRIu64.)
>
> Reviewed-by: Laszlo Ersek <lersek(a)redhat.com>
>
> Thanks
> Laszlo
Now pushed upstream as a865526..8d444b4, with tweaks to patches 1 and
5 content and patch 4 commit message per review comments.
I'm starting the backport process to stable branches, and will
followup with a top-level post as the security announcement (although
given my schedule today, the announcement may be delayed to Monday).
I'll do the RHEL bugs once I see your backports to the stable branches.
(This is assuming that if a second CVE is filed we'll treat it as a
separate set of work.)
Thanks for the huge amount of work on this one.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW