* [Qemu-devel] [PATCH v2] qcow2: Reject too large header extensions
@ 2012-02-28 10:26 Kevin Wolf
2012-02-28 12:07 ` Stefan Hajnoczi
0 siblings, 1 reply; 2+ messages in thread
From: Kevin Wolf @ 2012-02-28 10:26 UTC (permalink / raw)
To: qemu-devel; +Cc: kwolf, stefanha
Image files that make qemu-img info read several gigabytes into the
unknown header extensions list are bad. Just fail opening the image
if an extension claims to be larger than the header extension area.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/qcow2.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/block/qcow2.c b/block/qcow2.c
index f68f0e1..eb5ea48 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -108,6 +108,11 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
#ifdef DEBUG_EXT
printf("ext.magic = 0x%x\n", ext.magic);
#endif
+ if (ext.len > end_offset - offset) {
+ error_report("Header extension too large");
+ return -EINVAL;
+ }
+
switch (ext.magic) {
case QCOW2_EXT_MAGIC_END:
return 0;
--
1.7.6.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Qemu-devel] [PATCH v2] qcow2: Reject too large header extensions
2012-02-28 10:26 [Qemu-devel] [PATCH v2] qcow2: Reject too large header extensions Kevin Wolf
@ 2012-02-28 12:07 ` Stefan Hajnoczi
0 siblings, 0 replies; 2+ messages in thread
From: Stefan Hajnoczi @ 2012-02-28 12:07 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-devel
On Tue, Feb 28, 2012 at 10:26 AM, Kevin Wolf <kwolf@redhat.com> wrote:
> Image files that make qemu-img info read several gigabytes into the
> unknown header extensions list are bad. Just fail opening the image
> if an extension claims to be larger than the header extension area.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/qcow2.c | 5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-02-28 12:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-02-28 10:26 [Qemu-devel] [PATCH v2] qcow2: Reject too large header extensions Kevin Wolf
2012-02-28 12:07 ` Stefan Hajnoczi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).