From: Eduardo Habkost
Date: Thu, 19 Feb 2009 18:19:32 -0300
Message-Id: <1235078376-25559-1-git-send-email-ehabkost@redhat.com>
Subject: [Qemu-devel] [PATCH 0/4] CVE-2008-0928 security fix
To: Anthony Liguori
Cc: qemu-devel@nongnu.org

Hi,

This series is another try to fix CVE-2008-0928 on Qemu, a security vulnerability that has been present for a long time.

The first 3 patches are simple changes to make the way to the last patch, which is the actual fix.

This fix is similar to the previous fix that was present on Qemu SVN previously, but changes BlockDriverState to store total_bytes instead of total_sectors. This should avoid problems when byte-based reads are done on some devices, such as in the qcow case. The check based on sector range done in the previous fix caused problems for qcow, as documented at:

https://bugzilla.redhat.com/show_bug.cgi?id=485148

The previous fix was reverted almost a year ago but no alternative fix has been committed since then.
Not having a fix for the vulnerability upstream causes pain to users of the upstream code (who have a vulnerable Qemu) and to developers of distributions including Qemu code (who have to carry and forward-port the fix themselves).

-- 
Eduardo
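The byte-based bound the cover letter describes, as an added illustration that is not part of this patch series or of Qemu's own code: a request range is checked against a total_bytes field, with the sector-based entry point converted to bytes so both paths share one bound. The BlockState struct, function names and the 1000-byte image size are constructed for this example; the partial-sector tail read is only an illustration of why a byte bound differs from a sector bound, not a description of the bugzilla issue.

```c
#include <stdint.h>
#include <stdbool.h>

#define SECTOR_SIZE 512

/* Constructed stand-in for the size field the cover letter describes:
 * the image length kept in bytes rather than in 512-byte sectors. */
typedef struct {
    uint64_t total_bytes;
} BlockState;

/* Return true only if [offset, offset + count) lies inside the image.
 * The comparison is rearranged so that offset + count is never computed,
 * which keeps a huge count from wrapping around and passing the check. */
bool check_byte_request(const BlockState *bs, uint64_t offset, uint64_t count)
{
    if (count > bs->total_bytes) {
        return false;
    }
    if (offset > bs->total_bytes - count) {
        return false;
    }
    return true;
}

/* Sector-based entry point expressed through the byte check, so a
 * sector read and a byte read are bounded by the same total_bytes.
 * The multiplications are guarded against 64-bit overflow first. */
bool check_sector_request(const BlockState *bs, uint64_t sector_num, uint64_t nb_sectors)
{
    if (sector_num > UINT64_MAX / SECTOR_SIZE || nb_sectors > UINT64_MAX / SECTOR_SIZE) {
        return false;
    }
    return check_byte_request(bs, sector_num * SECTOR_SIZE, nb_sectors * SECTOR_SIZE);
}
```

With a 1000-byte image, a byte read of the 488 trailing bytes after the first sector is accepted, while a read of the whole second sector (ending at byte 1024) is refused.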