]> Git Repo - qemu.git/commit
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 05560fc) | patch
block/cloop: validate block_size header field (CVE-2014-0144)
authorStefan Hajnoczi <[email protected]>
Wed, 26 Mar 2014 12:05:25 +0000 (13:05 +0100)
committerStefan Hajnoczi <[email protected]>
Tue, 1 Apr 2014 11:59:47 +0000 (13:59 +0200)
commitd65f97a82c4ed48374a764c769d4ba1ea9724e97
tree05862210ea0612a34831197254409ac1a1e2f96ftree | snapshot
parent05560fcebb1528f4354f6f24d1eb8cdbcdf2c4b2commit | diff
block/cloop: validate block_size header field (CVE-2014-0144)

Avoid unbounded s->uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value.  Also enforce the
assumption that the value is a non-zero multiple of 512.

These constraints conform to cloop 2.639's code so we accept existing
image files.

Signed-off-by: Stefan Hajnoczi <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
Reviewed-by: Max Reitz <[email protected]>
Signed-off-by: Stefan Hajnoczi <[email protected]>
block/cloop.c diff | blob | blame | history
tests/qemu-iotests/075 diff | blob | blame | history
tests/qemu-iotests/075.out diff | blob | blame | history
Empty description
This page took 0.026414 seconds and 4 git commands to generate.