From: Jeff Cody
Date: Fri, 28 Mar 2014 11:42:23 -0400
Subject: [Qemu-devel] [PATCH v2 for-2.0 0/2] Bounds checking for VDI
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, sw@weilnetz.de, stefanha@redhat.com

This is v2 of the patches from Stefan Hajnoczi's pull request for CVE patches.

Changes from v1:

Patch 1:
* Use DEFAULT_CLUSTER_SIZE instead of new VDI_BLOCK_SIZE (thanks Stefan Weil)
* More informative error messages (thanks Stefan Weil)
* Return -ENOTSUP instead of -EINVAL on images that exceed the maximum
  allowed size. These may not be against spec, they are just currently
  unsupported.
* Fix wrong error message, introduced in commit
  5b7aa9b56d1bfc79916262f380c3fc7961becb50 (thanks Stefan Weil)

Patch 2:
* Update test results to take into account new error messages.

Jeff Cody (2):
  vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144)
  block: vdi bounds check qemu-io tests

 block/vdi.c                |  37 ++++++++++++++--
 tests/qemu-iotests/084     | 104 +++++++++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/084.out |  33 ++++++++++++++
 tests/qemu-iotests/group   |   1 +
 4 files changed, 171 insertions(+), 4 deletions(-)
 create mode 100755 tests/qemu-iotests/084
 create mode 100644 tests/qemu-iotests/084.out

-- 
1.8.3.1