aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--nbd/server.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/nbd/server.c b/nbd/server.c
index 2a4dd10f52..a13a69169a 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -449,11 +449,19 @@ static int nbd_negotiate_options(NBDClient *client)
client->ioc = QIO_CHANNEL(tioc);
break;
+ case NBD_OPT_EXPORT_NAME:
+ /* No way to return an error to client, so drop connection */
+ TRACE("Option 0x%x not permitted before TLS", clientflags);
+ return -EINVAL;
+
default:
TRACE("Option 0x%x not permitted before TLS", clientflags);
+ if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
+ return -EIO;
+ }
nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_TLS_REQD,
clientflags);
- return -EINVAL;
+ break;
}
} else if (fixedNewstyle) {
switch (clientflags) {
@@ -471,6 +479,9 @@ static int nbd_negotiate_options(NBDClient *client)
return nbd_negotiate_handle_export_name(client, length);
case NBD_OPT_STARTTLS:
+ if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
+ return -EIO;
+ }
if (client->tlscreds) {
TRACE("TLS already enabled");
nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_INVALID,
@@ -480,7 +491,7 @@ static int nbd_negotiate_options(NBDClient *client)
nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_POLICY,
clientflags);
}
- return -EINVAL;
+ break;
default:
TRACE("Unsupported option 0x%x", clientflags);
if (nbd_negotiate_drop_sync(client->ioc, length) != length) {