From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1JZCsl-0000lI-K4 for qemu-devel@nongnu.org; Tue, 11 Mar 2008 18:23:39 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1JZCsk-0000ki-FH for qemu-devel@nongnu.org; Tue, 11 Mar 2008 18:23:38 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1JZCsk-0000ke-Bo for qemu-devel@nongnu.org; Tue, 11 Mar 2008 18:23:38 -0400 Received: from hall.aurel32.net ([88.191.38.19]) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1JZCsk-0005qn-1c for qemu-devel@nongnu.org; Tue, 11 Mar 2008 18:23:38 -0400 Received: from volta-wlan.aurel32.net ([2002:52e8:2fb:ffff:21d:e0ff:fe49:1047] helo=volta.aurel32.net) by hall.aurel32.net with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from ) id 1JZCsi-0000ZO-DS for qemu-devel@nongnu.org; Tue, 11 Mar 2008 23:23:36 +0100 Received: from localhost.aurel32.net ([127.0.0.1] ident=aurel32) by volta.aurel32.net with esmtp (Exim 4.69) (envelope-from ) id 1JZCsm-0001x2-45 for qemu-devel@nongnu.org; Tue, 11 Mar 2008 23:23:40 +0100 Message-ID: <47D7066B.80109@aurel32.net> Date: Tue, 11 Mar 2008 23:23:39 +0100 From: Aurelien Jarno MIME-Version: 1.0 Subject: Re: [Qemu-devel] qemu block-qcow.c block-qcow2.c block-vmdk.c bl... References: <47D6C1B5.2090002@bellard.org> In-Reply-To: <47D6C1B5.2090002@bellard.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Fabrice Bellard a écrit : > IMHO it would be much simpler to do all the tests in the block format > handlers. > Do you mean move all the tests into block-{qcow,qcow2,vmdk}.c ? > Aurelien Jarno wrote: >> CVSROOT: /sources/qemu >> Module name: qemu >> Changes by: Aurelien Jarno 08/03/11 17:17:59 >> >> Modified files: >> . : block-qcow.c block-qcow2.c block-vmdk.c block.c >> block.h block_int.h >> Log message: >> Fix CVE-2008-0928 - insufficient block device address range checking >> >> Qemu 0.9.1 and earlier does not perform range checks for block device >> read or write requests, which allows guest host users with root >> privileges to access arbitrary memory and escape the virtual machine. >> >> CVSWeb URLs: >> http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow.c?cvsroot=qemu&r1=1.15&r2=1.16 >> >> http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow2.c?cvsroot=qemu&r1=1.10&r2=1.11 >> >> http://cvs.savannah.gnu.org/viewcvs/qemu/block-vmdk.c?cvsroot=qemu&r1=1.19&r2=1.20 >> >> http://cvs.savannah.gnu.org/viewcvs/qemu/block.c?cvsroot=qemu&r1=1.54&r2=1.55 >> >> http://cvs.savannah.gnu.org/viewcvs/qemu/block.h?cvsroot=qemu&r1=1.6&r2=1.7 >> >> http://cvs.savannah.gnu.org/viewcvs/qemu/block_int.h?cvsroot=qemu&r1=1.16&r2=1.17 >> >> >> >> > > > > -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' aurel32@debian.org | aurelien@aurel32.net `- people.debian.org/~aurel32 | www.aurel32.net