git.ipfire.org Git - thirdparty/qemu.git/commit

author	Stefan Hajnoczi <stefanha@redhat.com>
	Wed, 26 Mar 2014 12:05:25 +0000 (13:05 +0100)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 3 Jul 2014 21:18:10 +0000 (16:18 -0500)
commit	1f6bda93015b6842d37343acda0c93986e78e842
tree	e935abe973a135fce9a5ad58b67b269e3170c12e	tree
parent	46c5cacbb43ff3129e4cde352ed5e1e47f69757a	commit \| diff

block/cloop: validate block_size header field (CVE-2014-0144)

Avoid unbounded s->uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value. Also enforce the
assumption that the value is a non-zero multiple of 512.

These constraints conform to cloop 2.639's code so we accept existing
image files.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit d65f97a82c4ed48374a764c769d4ba1ea9724e97)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

block/cloop.c		diff \| blob \| blame \| history
tests/qemu-iotests/075		diff \| blob \| blame \| history
tests/qemu-iotests/075.out		diff \| blob \| blame \| history