A server that sticks a super-long UTF-8 string in an error reply could cause problems for clients. Should we have an upper bound on the length permissible in NBD_REP_ERR_*, such as 4096, and permit clients to disconnect if the server sends a length larger than that, so that clients can usefully read the error message into a stack-local buffer rather than having to heap-allocate and worry about a rogue server sending a message as large as 2^32 bytes?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
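An added example, not part of the original message or of any NBD implementation: a client-side check in C that applies the 4096-byte bound suggested above before copying an NBD_REP_ERR_* message into a stack-local buffer. The header layout and magic follow the NBD option-reply format; the function names, return codes and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBD_REP_MAGIC      0x0003e889045565a9ULL /* option reply magic */
#define NBD_REP_FLAG_ERROR (UINT32_C(1) << 31)   /* set in every NBD_REP_ERR_* type */
#define MAX_ERR_LEN        4096u                 /* bound suggested in the message */
#define REP_HDR_LEN        20u                   /* magic 8 + option 4 + type 4 + length 4 */

enum { REP_OK = 0, REP_MALFORMED = -1, REP_TOO_LONG = -2 }; /* hypothetical codes */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse one error reply held in buf[0..avail); msg must hold MAX_ERR_LEN + 1 bytes.
 * REP_TOO_LONG tells the caller to disconnect without reading the payload. */
int parse_err_reply(const uint8_t *buf, size_t avail, char *msg) {
    if (avail < REP_HDR_LEN) return REP_MALFORMED;
    uint64_t magic = ((uint64_t)be32(buf) << 32) | be32(buf + 4);
    uint32_t type = be32(buf + 12), len = be32(buf + 16);
    if (magic != NBD_REP_MAGIC || !(type & NBD_REP_FLAG_ERROR)) return REP_MALFORMED;
    if (len > MAX_ERR_LEN) return REP_TOO_LONG;          /* checked before any copy */
    if (avail - REP_HDR_LEN < len) return REP_MALFORMED; /* payload shorter than claimed */
    memcpy(msg, buf + REP_HDR_LEN, len);
    msg[len] = '\0';
    return REP_OK;
}

/* Constructed sample reply: option 3, reply type 2^31 + 1, caller-chosen length field. */
static size_t build_reply(uint8_t *out, uint32_t len, const char *text) {
    static const uint8_t hdr[16] = {0x00, 0x03, 0xe8, 0x89, 0x04, 0x55, 0x65, 0xa9,
                                    0, 0, 0, 3, 0x80, 0, 0, 1};
    memcpy(out, hdr, sizeof hdr);
    for (int i = 0; i < 4; i++) out[16 + i] = (uint8_t)(len >> (24 - 8 * i));
    memcpy(out + REP_HDR_LEN, text, strlen(text));
    return REP_HDR_LEN + strlen(text);
}

/* Build a sample reply (text of at most 64 bytes) and parse it. */
int demo(uint32_t claimed_len, const char *text, char *msg) {
    uint8_t wire[REP_HDR_LEN + 64];
    return parse_err_reply(wire, build_reply(wire, claimed_len, text), msg);
}

int main(void) {
    char msg[MAX_ERR_LEN + 1];                 /* stack-local, no heap allocation */
    printf("honest reply: %d \"%s\"\n", demo(11, "unsupported", msg), msg);
    printf("length 2^32-1: %d\n", demo(0xffffffffu, "x", msg));
}
```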