qcow2: Check backing_file_offset (CVE-2014-0144)
author Kevin Wolf <kwolf@redhat.com>
Wed, 26 Mar 2014 12:05:42 +0000 (13:05 +0100)
committer Stefan Hajnoczi <stefanha@redhat.com>
Tue, 1 Apr 2014 12:19:09 +0000 (14:19 +0200)
commit a1b3955c9415b1e767c130a2f59fee6aa28e575b
tree c4560b854410ca2629eb5f6c2512664fa180d206
parent 24342f2cae47d03911e346fe1e520b00dc2818e0
qcow2: Check backing_file_offset (CVE-2014-0144)

Header, header extension and the backing file name must all be stored in
the first cluster. Setting the backing file to a much higher value
allowed header extensions to become much bigger than we want them to be
(unbounded allocation).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
block/qcow2.c
tests/qemu-iotests/080
tests/qemu-iotests/080.out
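
A stand-alone validator for the constraint the commit message states, added here as an example; it is not the code from block/qcow2.c. It also checks that the backing file name ends inside the first cluster, which goes one step beyond the offset check named in the subject line. The function names, the 9..21 bounds on cluster_bits and the sample headers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define QCOW2_MAGIC      0x514649fbu /* "QFI\xfb" */
#define MIN_CLUSTER_BITS 9           /* assumed cluster_bits bounds */
#define MAX_CLUSTER_BITS 21

static uint64_t be_read(const uint8_t *p, int n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

static void be_write(uint8_t *p, uint64_t v, int n)
{
    while (n--) { p[n] = (uint8_t)v; v >>= 8; }
}

/* 0 if the backing file name lies in the first cluster, -1 otherwise. */
int qcow2_check_backing(const uint8_t *hdr, size_t len)
{
    if (len < 24 || be_read(hdr, 4) != QCOW2_MAGIC) return -1;
    uint64_t off  = be_read(hdr + 8, 8);   /* backing_file_offset */
    uint64_t size = be_read(hdr + 16, 4);  /* backing_file_size */
    uint64_t bits = be_read(hdr + 20, 4);  /* cluster_bits */
    if (bits < MIN_CLUSTER_BITS || bits > MAX_CLUSTER_BITS) return -1;
    uint64_t cluster_size = 1ull << bits;
    /* Compare first, subtract second, so a huge offset cannot wrap. */
    if (off > cluster_size) return -1;
    if (size > cluster_size - off) return -1;
    return 0;
}

/* Builds a constructed version-2 header prefix and validates it. */
int check_constructed(uint32_t bits, uint64_t off, uint32_t size)
{
    uint8_t hdr[24] = {0};
    be_write(hdr, QCOW2_MAGIC, 4);
    be_write(hdr + 4, 2, 4);               /* version */
    be_write(hdr + 8, off, 8);
    be_write(hdr + 16, size, 4);
    be_write(hdr + 20, bits, 4);
    return qcow2_check_backing(hdr, sizeof(hdr));
}

int main(void)
{
    printf("%d %d\n", check_constructed(16, 112, 20), check_constructed(16, 1ull << 40, 20));
    return 0;
}
```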