(cherry picked from commit 6e154aed)

When a user sends a name length value of 0xffffffff, nbd-server will try
to allocate one more byte for the \0 at the end, but that will result in
an integer overflow and a malloc(0), with the resulting write being to a
dangling pointer.

Fix by constraining the string size to 4096 bytes, as recommended by the
protocol standard.

This issue exists in NBD_OPT_INFO/NBD_OPT_GO handling as well as in
NBD_OPT_EXPORT_NAME handling.

CVE-2022-26495

Reported-By: 王多 <duo.wang@chaitin.com>
Signed-Off-By: Wouter Verhelst <w@uter.be>
(cherry picked from commit 4e5c5d2e)

When len - sizeof(namelen) > 1024, we have a buffer overflow.

Fix by using the "consume" function, which was written for that purpose.

CVE-2022-26496

Reported-By: Dialluvioso <dialluvioso@protonmail.com>
Reported-By: 王多 <duo.wang@chaitin.com>
Signed-Off-By: Wouter Verhelst <w@uter.be>
(cherry picked from commit 3740ff7f)

debian/control: add docbook-utils to build-depends. This shouldn't strictly be necessary, but it's the quickest fix that allows the package to build again... Closes: #922383

Closes: !1

Tagging nbd 3.19

Currently, 'make distcheck' fails because some manpage dependencies are
left over, which we don't want.

Rework this in terms of a conditional, so tha it doesn't fail anymore.

1024 bytes was originally chosen as fitting nicely inside an ethernet
frame. That didn't really make much sense, but the issue was masked by
the kernel actually ignoring block sizes due to a bug.

Now that the kernel bug is fixed, the result is that partitions are
parsed incorrectly, resulting in confusing behaviour.

Fix by defaulting to 512. For the rare case where 1024 bytes still makes
sense, the -b parameter still exists.

Closes: gh-90

commit 2e7b8e0d649267d2824de0f1d0c02fa23125219b
Author: Austin S. Hemmelgarn <ahferroin7@gmail.com>
Date:   Mon Nov 26 10:32:02 2018 -0500

    Simplify listening socket creation logic.

    As suggested by @yoe.

commit 73518c1a931e3a309d5233d562cc53c683bcdc88
Author: Austin S. Hemmelgarn <ahferroin7@gmail.com>
Date:   Thu Nov 15 09:25:22 2018 -0500

    nbd-server: Add an option to listen on both UDS and TCP/SDP

    This adds a configuration parameter `duallisten` for nbd-server.  When
    true and a unix socket is specified, this will cause nbd-server to also
    listen on any TCP/SDP sockets it would have listened on if the unix
    socket had not been specified.

commit 3dd8449db6ef6198813230026879c0df0c087e7e
Author: Austin S. Hemmelgarn <ahferroin7@gmail.com>
Date:   Fri Nov 9 10:08:55 2018 -0500

    Don't listen on TCP if we are using a UNIX socket.

    Currently, `nbd-server` will open a listening TCP socket even if it's
    been asked to use a UNIX domain socket.  This is inconsistent with
    typical behavior of applications which can use UNIX sockets, and may
    present a security risk on some systems.

    This commit modifies this behavior so that use of a UNIX socket and
    other types of socket is mutually exclusive.  You can only listen on a
    regular (TCP or SDP) socket or a UNIX socket, but not both, with the
    prescense of the `unixsock` option taking precendence over any other
    listener configuration.

    This has a small potential to break some existing installations, though
    they are arguably depending on broken behavior to begin with.

    The manual page is also updated to reflect this change.

Signed-off-by: Austin S. Hemmelgarn <ahferroin7@gmail.com>

- Remove incorrect -netlink parameter from options (no such option
  exists)
- Move the "TLS support" section to a more appropriate place

When the client sends a NBD_OPT_INFO request, commit_client is not
called. So client->server does not get set, causing nbd-server to
segfault. Passing the SERVER* explicitly allows us to send the export
info without committing first.

Signed-off-by: Eric Blake <eblake@redhat.com>

`[link text](link location)` doesn't work as a link.
(I wish there were an easier way to test markdown output than just
doing live updates to the page...)

Signed-off-by: Eric Blake <eblake@redhat.com>

Signed-off-by: Eric Blake <eblake@redhat.com>

Adriana Kobylak authored Oct 03, 2018 and Wouter Verhelst committed Oct 03, 2018

Some environments like embedded systems may not care about about
the man pages, which require the SGML tools to be installed.

So add an option to make the man pages optional to make it easier
to build nbd-server and nbd-client without the need for installing
the SGML tools.

Signed-off-by: Adriana Kobylak <anoo@linux.ibm.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

This needs to be %m, not %M.

Fixes: gh-81

use salsa for that instead

Yak shaving is fun! not.

The build tries to ensure that we build from a clean git checkout.
That's nice, but it fails if git is not installed. While we could
conditionalize that on not being inside gitlab-ci, just installing git
is easier...

Since, apparently, apt doesn't have a stable interface.

Debian now has a CI infra on salsa; use that instead.