server: reset meta context replies on starttls
Related to CVE-2021-3716, but not as severe. No compliant client will send NBD_CMD_BLOCK_STATUS unless it first negotiates NBD_OPT_SET_META_CONTEXT. If an attacker injects a premature SET_META_CONTEXT, either the client will never notice (because it never uses BLOCK_STATUS), or the client will overwrite the attacker's attempt with the client's own SET_META_CONTEXT request after encryption is enabled. So I don't class this as having the potential to trigger denial-of-service due to any protocol mismatch between compliant client and server (I don't care what happens with non-compliant clients).

Fixes: 26455d45 (server: protocol: Implement Block Status "base:allocation".)
parent: ff617f38
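To illustrate the negotiation state the commit message is about, here is an added toy model of the server side of NBD option negotiation (example code written for this page, not the project's own implementation). It assumes a single per-connection state object and uses the real NBD option numbers for STARTTLS and SET_META_CONTEXT; the scenario it replays is constructed: a SET_META_CONTEXT arrives in the clear before the client's STARTTLS, and the model shows why the negotiated contexts must be dropped when TLS starts.

```python
# Standard NBD option numbers (from the NBD protocol specification).
NBD_OPT_STARTTLS = 5
NBD_OPT_SET_META_CONTEXT = 10


class NegotiationState:
    """Per-connection negotiation state of a toy NBD server."""

    def __init__(self, reset_on_starttls: bool):
        # Toggle between the old behaviour (False) and the fixed one (True).
        self.reset_on_starttls = reset_on_starttls
        self.tls_active = False
        self.meta_contexts: list[str] = []

    def handle_option(self, opt: int, contexts: tuple[str, ...] = ()) -> None:
        if opt == NBD_OPT_STARTTLS:
            self.tls_active = True
            if self.reset_on_starttls:
                # Everything negotiated before TLS came from an unauthenticated
                # channel and may have been injected; forget it and let the
                # client renegotiate over the encrypted connection.
                self.meta_contexts = []
        elif opt == NBD_OPT_SET_META_CONTEXT:
            # Replaces (not appends to) the set of selected contexts.
            self.meta_contexts = list(contexts)

    def block_status_allowed(self) -> bool:
        """NBD_CMD_BLOCK_STATUS is only valid once a meta context is selected."""
        return bool(self.meta_contexts)


def injected_context_survives(reset_on_starttls: bool) -> bool:
    """Constructed scenario: plaintext SET_META_CONTEXT, then the client's STARTTLS.

    Returns True if the pre-TLS context is still in effect after STARTTLS,
    i.e. a BLOCK_STATUS request would be accepted without the client ever
    having selected a context over TLS.
    """
    state = NegotiationState(reset_on_starttls)
    state.handle_option(NBD_OPT_SET_META_CONTEXT, ("base:allocation",))
    state.handle_option(NBD_OPT_STARTTLS)
    return state.block_status_allowed()


def client_renegotiates(reset_on_starttls: bool) -> bool:
    """After STARTTLS a compliant client sends its own SET_META_CONTEXT; it must work."""
    state = NegotiationState(reset_on_starttls)
    state.handle_option(NBD_OPT_STARTTLS)
    state.handle_option(NBD_OPT_SET_META_CONTEXT, ("base:allocation",))
    return state.block_status_allowed()
```

With the reset in place, the only way for a context to be selected after STARTTLS is for the client itself to request it over the encrypted channel, which is exactly the behaviour the commit restores.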