[Qemu-devel] [PATCH v2 for-2.0 0/2] Bounds checking for VDI

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jeff Cody <jcody@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, sw@weilnetz.de, stefanha@redhat.com
Subject: [Qemu-devel] [PATCH v2 for-2.0 0/2] Bounds checking for VDI
Date: Fri, 28 Mar 2014 11:42:23 -0400	[thread overview]
Message-ID: <cover.1396020500.git.jcody@redhat.com> (raw)

This is v2 of the patches from Stefan Hajnoczi's pull request for CVE patches.

Changes from v1:

    Patch 1: * Use DEFAULT_CLUSTER_SIZE instead of new
               VDI_BLOCK_SIZE (thanks Stefan Weil)
             * More informative error messages (thanks Stefan Weil)
             * Return -ENOTSUP instead of -EINVAL on images
               that exceed the maximum allowed size.  These may
               not be against spec, they are just currently unsupported.
             * Fix wrong error message, introduced in commit 
               5b7aa9b56d1bfc79916262f380c3fc7961becb50 (thanks Stefan Weil)

    Patch 2: * Update tests results to take in account new error messages.

Jeff Cody (2):
  vdi: add bounds checks for blocks_in_image and disk_size header fields
    (CVE-2014-0144)
  block: vdi bounds check qemu-io tests

 block/vdi.c                |  37 ++++++++++++++--
 tests/qemu-iotests/084     | 104 +++++++++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/084.out |  33 ++++++++++++++
 tests/qemu-iotests/group   |   1 +
 4 files changed, 171 insertions(+), 4 deletions(-)
 create mode 100755 tests/qemu-iotests/084
 create mode 100644 tests/qemu-iotests/084.out

-- 
1.8.3.1

next             reply	other threads:[~2014-03-28 15:42 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-28 15:42 Jeff Cody [this message]
2014-03-28 15:42 ` [Qemu-devel] [PATCH v2 for-2.0 1/2] vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) Jeff Cody
2014-03-28 15:42 ` [Qemu-devel] [PATCH v2 for-2.0 2/2] block: vdi bounds check qemu-io tests Jeff Cody

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1396020500.git.jcody@redhat.com \
    --to=jcody@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    --cc=sw@weilnetz.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.