Subject: Re: [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block device address range checking
From: Eduardo Habkost
To: Eduardo Pereira Habkost
Cc: qemu-devel
Date: Thu, 19 Feb 2009 18:40:48 -0300
Message-Id: <1235079502-sup-3182@blackpad>
In-Reply-To: <1235078376-25559-5-git-send-email-ehabkost@redhat.com>
References: <1235078376-25559-1-git-send-email-ehabkost@redhat.com> <1235078376-25559-5-git-send-email-ehabkost@redhat.com>

Excerpts from Eduardo Pereira Habkost's message of Thu Feb 19 18:19:36 -0300 2009:
> From: Aurelien Jarno

Oops. The line above wasn't supposed to be there. Author info on my git repository got messed up when I squashed two patches.

>
> This is based on an old patch committed by Aurelien Jarno whose commit
> message was:
>
> Fix CVE-2008-0928 - insufficient block device address range checking
>
> Qemu 0.9.1 and earlier does not perform range checks for block device
> read or write requests, which allows guest host users with root
> privileges to access arbitrary memory and escape the virtual machine.
>
> In addition to the changes done by the previous patch, this patch changes
> total_sectors to total_bytes, so that the range checking works for
> backing devices that are not sector-based (for example, when block-qcow
> is reading the backing file). This was done to avoid bugs such as:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=485148
>
> Signed-off-by: Eduardo Habkost

-- 
Eduardo
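The byte-granular range check the commit message argues for, as an added illustration that is not QEMU's code or the patch itself: it shows why a check expressed in sectors cannot be made both safe and correct for a backing file whose size is not a multiple of the sector size, and how the byte check stays overflow-safe for guest-controlled offsets. The names struct blk, sector_request_in_range and byte_request_in_range are hypothetical, and the 1000-byte backing file is constructed.

```c
/* Added illustration (hypothetical names), not QEMU's code: range checks
 * for block requests, first in sectors, then in bytes as the patch does. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512u

struct blk {
    uint64_t total_bytes;   /* exact size of the backing file, in bytes */
};

/* Sector-based check. A file whose size is not sector-aligned forces a
 * choice: rounding total_sectors up admits reads past the end of the
 * file, rounding down rejects valid accesses to the partial last sector. */
static bool sector_request_in_range(const struct blk *b, uint64_t sector_num,
                                    uint64_t nb_sectors, bool round_up)
{
    uint64_t total_sectors = b->total_bytes / SECTOR_SIZE;
    if (round_up && b->total_bytes % SECTOR_SIZE)
        total_sectors++;
    /* Subtract rather than add, so sector_num + nb_sectors can never wrap. */
    if (nb_sectors > total_sectors)
        return false;
    return sector_num <= total_sectors - nb_sectors;
}

/* Byte-based check: [offset, offset + count) must lie inside the file.
 * Same subtraction trick keeps it overflow-safe for any offset and count. */
static bool byte_request_in_range(const struct blk *b, uint64_t offset,
                                  uint64_t count)
{
    if (count > b->total_bytes)
        return false;
    return offset <= b->total_bytes - count;
}

int main(void)
{
    /* Constructed backing file: one full sector plus 488 trailing bytes. */
    struct blk b = { .total_bytes = 1000 };

    printf("sector 1, rounded up:   %d\n", sector_request_in_range(&b, 1, 1, true));  /* 1: bytes 512..1023, past EOF */
    printf("sector 1, rounded down: %d\n", sector_request_in_range(&b, 1, 1, false)); /* 0: valid tail rejected */
    printf("bytes 512..999:         %d\n", byte_request_in_range(&b, 512, 488));       /* 1 */
    printf("bytes 512..1023:        %d\n", byte_request_in_range(&b, 512, 512));       /* 0 */
    printf("wrapping offset:        %d\n", byte_request_in_range(&b, UINT64_MAX, 2));  /* 0 */
    return 0;
}
```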