From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1JZ8KP-0004fI-KG
	for qemu-devel@nongnu.org; Tue, 11 Mar 2008 13:31:53 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1JZ8KP-0004fA-AE
	for qemu-devel@nongnu.org; Tue, 11 Mar 2008 13:31:53 -0400
Received: from mx1.polytechnique.org ([129.104.30.34])
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <fabrice@bellard.org>) id 1JZ8KO-0002GH-Vw
	for qemu-devel@nongnu.org; Tue, 11 Mar 2008 13:31:53 -0400
Received: from fbe1.dev.netgem.com (gw.netgem.com [195.68.2.34])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ssl.polytechnique.org (Postfix) with ESMTP id 89EF33316A
	for <qemu-devel@nongnu.org>; Tue, 11 Mar 2008 18:30:29 +0100 (CET)
Message-ID: <47D6C1B5.2090002@bellard.org>
Date: Tue, 11 Mar 2008 18:30:29 +0100
From: Fabrice Bellard <fabrice@bellard.org>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] qemu block-qcow.c block-qcow2.c block-vmdk.c bl...
References: <E1JZ86x-0004mP-EW@cvs.savannah.gnu.org>
In-Reply-To: <E1JZ86x-0004mP-EW@cvs.savannah.gnu.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

IMHO it would be much simpler to do all the tests in the block format 
handlers.

Fabrice.

Aurelien Jarno wrote:
> CVSROOT:	/sources/qemu
> Module name:	qemu
> Changes by:	Aurelien Jarno <aurel32>	08/03/11 17:17:59
> 
> Modified files:
> 	.              : block-qcow.c block-qcow2.c block-vmdk.c block.c 
> 	                 block.h block_int.h 
> 
> Log message:
> 	Fix CVE-2008-0928 - insufficient block device address range checking
> 	
> 	Qemu 0.9.1 and earlier does not perform range checks for block device
> 	read or write requests, which allows guest host users with root
> 	privileges to access arbitrary memory and escape the virtual machine.
> 
> CVSWeb URLs:
> http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow.c?cvsroot=qemu&r1=1.15&r2=1.16
> http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow2.c?cvsroot=qemu&r1=1.10&r2=1.11
> http://cvs.savannah.gnu.org/viewcvs/qemu/block-vmdk.c?cvsroot=qemu&r1=1.19&r2=1.20
> http://cvs.savannah.gnu.org/viewcvs/qemu/block.c?cvsroot=qemu&r1=1.54&r2=1.55
> http://cvs.savannah.gnu.org/viewcvs/qemu/block.h?cvsroot=qemu&r1=1.6&r2=1.7
> http://cvs.savannah.gnu.org/viewcvs/qemu/block_int.h?cvsroot=qemu&r1=1.16&r2=1.17
> 
> 
>