On 02/03/2017 06:47 PM, Vladimir Sementsov-Ogievskiy wrote:
> Only one meta context type is defined: qemu-bitmap:<bitmap-name>.
> At most one query is allowed for NBD_OPT_{SET,LIST}_META_CONTEXT;
> NBD_REP_ERR_TOO_BIG is returned otherwise.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]>
...
> +static int nbd_negotiate_opt_meta_context_start(NBDClient *client, uint32_t
> opt,
> + uint32_t length,
> + uint32_t *nb_queries,
> + BlockDriverState **bs)
> +{
> + int ret;
> + NBDExport *exp;
> + char *export_name;
> + int nb_read = 0;
> +
> + if (!client->structured_reply) {
> + uint32_t tail = length - nb_read;
> + LOG("Structured reply is not negotiated");
> +
> + if (nbd_negotiate_drop_sync(client->ioc, tail) != tail) {
> + return -EIO;
> + }
> + ret = nbd_negotiate_send_rep_err(client->ioc, NBD_REP_ERR_INVALID,
> opt,
> + "Structured reply is not
> negotiated");
> + g_free(export_name);
export_name is not initialized here! As far as I can see, there is no need
to free anything here.
> +
> + if (ret < 0) {
> + return ret;
> + } else {
> + *bs = NULL;
> + *nb_queries = 0;
> + return length;
> + }
> + }
> +
> + nb_read = nbd_negotiate_read_size_string(client->ioc, &export_name,
> + NBD_MAX_NAME_SIZE);
> + if (nb_read < 0) {
> + return nb_read;
> + }
> +
> + exp = nbd_export_find(export_name);
> + if (exp == NULL) {
> + uint32_t tail = length - nb_read;
> + LOG("export '%s' is not found", export_name);
> +
> + if (nbd_negotiate_drop_sync(client->ioc, tail) != tail) {
export_name is leaked on this path
> + return -EIO;
> + }
> + ret = nbd_negotiate_send_rep_err(client->ioc, NBD_REP_ERR_INVALID,
> opt,
> + "export '%s' is not found",
> + export_name);
> + g_free(export_name);
> +