From: Anthony Liguori
To: "Michael S. Tsirkin", Jason Wang
Cc: qemu-devel@nongnu.org
Date: Fri, 26 Apr 2013 09:13:55 -0500
Message-ID: <87ip39nzvg.fsf@codemonkey.ws>
In-Reply-To: <20130426123124.GB15119@redhat.com>
References: <1366875807-3491-1-git-send-email-jasowang@redhat.com> <87fvyebbwb.fsf@codemonkey.ws> <20130425210242.GB2908@redhat.com> <878v461c1k.fsf@codemonkey.ws> <517A0B3D.1020202@redhat.com> <517A57AB.60804@redhat.com> <517A57FD.3090700@redhat.com> <20130426123124.GB15119@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] virtio: abort on zero config length

"Michael S. Tsirkin" writes:

> On Fri, Apr 26, 2013 at 06:33:33PM +0800, Jason Wang wrote:
>> On 04/26/2013 06:32 PM, Eric Blake wrote:
>> > On 04/25/2013 11:06 PM, Jason Wang wrote:
>> >>>> if (addr > (vdev->config_len - sizeof(val)))
>> >>>>
>> >>>> ^^^^^^^^^ quiz: spot a bug above if config_len is 0 :)
>> >>> Then we need to fix these bugs and allocate a CVE. virtio-rng has
>> >>> shipped. This code is also dumb.
>> >> Ok, but since the discussion is on a public list, no need for a CVE then.
>> > Wrong. CVEs are useful even for publicly disclosed bugs. It tells
>> > people whether they need to upgrade in order to avoid a vulnerability.
>> >
>> > What we don't need is an embargo. But we do need a CVE.
>> >
>> True, thanks for the correction.
>
> I think we never shipped a QEMU release with this bug. So no need for
> CVEs. I'm not sure upstream has to bother with CVEs - we can just say
> this is downstream work.

Uh, we certainly do. QEMU 1.4 had virtio-rng and therefore had this bug,
so we need to allocate a CVE.

Regards,

Anthony Liguori

>
> --
> MST
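The bounds check quoted in the thread, placed beside a form that cannot underflow, as an added example that is not part of the original thread or of QEMU's source. The field types (a `size_t` config_len, a `uint32_t` addr) and the stub struct are assumptions; the point it shows is why a zero-length config space lets every access through the quoted check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for the device struct: only the config_len field
 * matters here, and its type width is an assumption. */
struct virtio_dev_stub {
    size_t config_len;   /* bytes of device config space */
};

/* The check as quoted in the thread. With config_len == 0 the
 * subtraction wraps (unsigned arithmetic), so the comparison is false
 * for every addr and the access is allowed. */
static bool access_allowed_quoted(const struct virtio_dev_stub *vdev,
                                  uint32_t addr, size_t width)
{
    if (addr > (vdev->config_len - width)) {
        return false;
    }
    return true;
}

/* Hardened form: never subtract from config_len without first checking
 * that the subtraction cannot wrap, so a config space shorter than the
 * access width rejects every read or write. */
static bool access_allowed_hardened(const struct virtio_dev_stub *vdev,
                                    uint32_t addr, size_t width)
{
    if (width > vdev->config_len || addr > vdev->config_len - width) {
        return false;
    }
    return true;
}

int main(void)
{
    /* virtio-rng has no config space (config_len 0), as the thread notes;
     * the 24-byte device is a constructed comparison case. */
    struct virtio_dev_stub rng = { .config_len = 0 };
    struct virtio_dev_stub dev = { .config_len = 24 };

    printf("len=0  addr=0    quoted=%d hardened=%d\n",
           access_allowed_quoted(&rng, 0, 4), access_allowed_hardened(&rng, 0, 4));
    printf("len=0  addr=4096 quoted=%d hardened=%d\n",
           access_allowed_quoted(&rng, 4096, 4), access_allowed_hardened(&rng, 4096, 4));
    printf("len=24 addr=21   quoted=%d hardened=%d\n",
           access_allowed_quoted(&dev, 21, 4), access_allowed_hardened(&dev, 21, 4));
    return 0;
}
```

The first two lines print `quoted=1 hardened=0`: the quoted check admits any address into an empty config space, while the hardened one rejects it; the last line shows both rejecting an access that straddles the end of a real config space.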