From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44570)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mreitz@redhat.com>) id 1WTg8E-0005ke-1A
	for qemu-devel@nongnu.org; Fri, 28 Mar 2014 19:24:20 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mreitz@redhat.com>) id 1WTg85-00051x-4q
	for qemu-devel@nongnu.org; Fri, 28 Mar 2014 19:24:13 -0400
Message-ID: <53360490.40705@redhat.com>
Date: Sat, 29 Mar 2014 00:24:00 +0100
From: Max Reitz <mreitz@redhat.com>
MIME-Version: 1.0
References: <1395835569-21193-1-git-send-email-stefanha@redhat.com>
	<1395835569-21193-41-git-send-email-stefanha@redhat.com>
In-Reply-To: <1395835569-21193-41-git-send-email-stefanha@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH for-2.0 40/47] block: Limit request size
 (CVE-2014-0143)
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Hajnoczi <stefanha@redhat.com>, qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, pmatouse@redhat.com, qemu-stable@nongnu.org

On 26.03.2014 13:06, Stefan Hajnoczi wrote:
> From: Kevin Wolf <kwolf@redhat.com>
>
> Limiting the size of a single request to INT_MAX not only fixes a
> direct integer overflow in bdrv_check_request() (which would only
> trigger bad behaviour with ridiculously huge images, as in close to
> 2^64 bytes), but can also prevent overflows in all block drivers.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
>   block.c | 4 ++++
>   1 file changed, 4 insertions(+)

Reviewed-by: Max Reitz <mreitz@redhat.com>