From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KWIa5-0001DL-4E
	for qemu-devel@nongnu.org; Thu, 21 Aug 2008 18:24:37 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KWIa3-0001BH-FT
	for qemu-devel@nongnu.org; Thu, 21 Aug 2008 18:24:35 -0400
Received: from [199.232.76.173] (port=56909 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1KWIa3-0001B9-Cc
	for qemu-devel@nongnu.org; Thu, 21 Aug 2008 18:24:35 -0400
Received: from savannah.gnu.org ([199.232.41.3]:36334 helo=sv.gnu.org)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <aurelien@aurel32.net>)
	id 1KWIa3-000649-2d
	for qemu-devel@nongnu.org; Thu, 21 Aug 2008 18:24:35 -0400
Received: from cvs.savannah.gnu.org ([199.232.41.69])
	by sv.gnu.org with esmtp (Exim 4.63)
	(envelope-from <aurelien@aurel32.net>) id 1KWIa1-00019e-QM
	for qemu-devel@nongnu.org; Thu, 21 Aug 2008 22:24:33 +0000
Received: from aurel32 by cvs.savannah.gnu.org with local (Exim 4.63)
	(envelope-from <aurel32@savannah.gnu.org>) id 1KWIa1-00019R-BH
	for qemu-devel@nongnu.org; Thu, 21 Aug 2008 22:24:33 +0000
MIME-Version: 1.0
Errors-To: aurel32
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Aurelien Jarno <aurelien@aurel32.net>
Message-Id: <E1KWIa1-00019R-BH@cvs.savannah.gnu.org>
Date: Thu, 21 Aug 2008 22:24:33 +0000
Subject: [Qemu-devel] [5059] Add image format option for USB mass-storage
	devices
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Revision: 5059
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=5059
Author:   aurel32
Date:     2008-08-21 22:24:32 +0000 (Thu, 21 Aug 2008)

Log Message:
-----------
Add image format option for USB mass-storage devices

(fix CVE-2008-1945)

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Modified Paths:
--------------
    trunk/hw/usb-msd.c
    trunk/qemu-doc.texi

Modified: trunk/hw/usb-msd.c
===================================================================
--- trunk/hw/usb-msd.c	2008-08-21 20:12:05 UTC (rev 5058)
+++ trunk/hw/usb-msd.c	2008-08-21 22:24:32 UTC (rev 5059)
@@ -517,13 +517,42 @@
 {
     MSDState *s;
     BlockDriverState *bdrv;
+    BlockDriver *drv = NULL;
+    const char *p1;
+    char fmt[32];
 
+    p1 = strchr(filename, ':');
+    if (p1++) {
+        const char *p2;
+
+        if (strstart(filename, "format=", &p2)) {
+            int len = MIN(p1 - p2, sizeof(fmt));
+            pstrcpy(fmt, len, p2);
+
+            drv = bdrv_find_format(fmt);
+            if (!drv) {
+                printf("invalid format %s\n", fmt);
+                return NULL;
+            }
+        } else if (*filename != ':') {
+            printf("unrecognized USB mass-storage option %s\n", filename);
+            return NULL;
+        }
+
+        filename = p1;
+    }
+
+    if (!*filename) {
+        printf("block device specification needed\n");
+        return NULL;
+    }
+
     s = qemu_mallocz(sizeof(MSDState));
     if (!s)
         return NULL;
 
     bdrv = bdrv_new("usb");
-    if (bdrv_open(bdrv, filename, 0) < 0)
+    if (bdrv_open2(bdrv, filename, 0, drv) < 0)
         goto fail;
     if (qemu_key_check(bdrv, filename))
         goto fail;

Modified: trunk/qemu-doc.texi
===================================================================
--- trunk/qemu-doc.texi	2008-08-21 20:12:05 UTC (rev 5058)
+++ trunk/qemu-doc.texi	2008-08-21 22:24:32 UTC (rev 5059)
@@ -550,8 +550,10 @@
 means qemu is able to report the mouse position without having to grab the
 mouse. Also overrides the PS/2 mouse emulation when activated.
 
-@item disk:file
-Mass storage device based on file
+@item disk:[format=@var{format}]:file
+Mass storage device based on file. The optional @var{format} argument
+will be used rather than detecting the format. Can be used to specifiy
+format=raw to avoid interpreting an untrusted format header.
 
 @item host:bus.addr
 Pass through the host device identified by bus.addr (Linux only).