CVE-2020-10761 QEMU: nbd: reachable assertion failure innbd_negotiate_send_rep_verr via remote client

[P J P <ppandit () redhat com>]

  Hello,

Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support 
is vulnerable to a crash via assertion failure. It could occur when a 
nbd-client sends a spec-compliant request that is near the boundary of the 
maximum permitted length. A remote user/process could use this flaw to crash 
the qemu-nbd server resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html

Issue introduced since QEMU v4.2
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
    server:
    - Adjust things to allow full 4k name limit rather than previous 256 byte
      limit

    - It allowed nbd-client to send longer (>256 bytes) export names

This issue was reported by Eric Blake and Xueqiang Wei of Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D