aliguori 71d0770c4c Fix CVE-2008-0928 - insufficient block device address range checking (Anthony Liguori)
Introduce a growable flag that's set by bdrv_file_open().  Block devices should
never be growable, only files that are being used by block devices.

I went through Fabrice's early comments about the patch that was first applied.
While I disagree with that patch, I also disagree with Fabrice's suggestion.

There's no good reason to do the checks in the block drivers themselves.  It
just increases the possibility that this bug could show up again.  Since we're
calling bdrv_getlength() to determine the length, we're giving the block drivers
a chance to chime in and let us know what range is valid.

Basically, this patch makes the BlockDriver API guarantee that all requests are
within 0..bdrv_getlength() which to me seems like a Good Thing.

What do others think?

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6677 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-03 17:37:16 +00:00
audio Avoid running audio ctl's when vm is not running 2009-02-18 20:44:04 +00:00
bsd-user Flush stdout after printing usage() 2009-02-28 20:14:00 +00:00
darwin-user Flush stdout after printing usage() 2009-02-28 20:14:00 +00:00
fpu soft-float: add float32_log2() and float64_log2() 2009-02-05 13:42:47 +00:00
gdb-xml target-ppc: Add XML files for PowerPC registers 2009-01-24 15:07:34 +00:00
hw DB-DMA cleanup 2009-03-03 09:14:10 +00:00
keymaps Fix fr-be keymap 2009-02-09 23:19:44 +00:00
linux-user Flush stdout after printing usage() 2009-02-28 20:14:00 +00:00
pc-bios kvm/powerpc: flat device tree files for MPC8544DS 2009-03-02 16:42:49 +00:00
slirp Fix SIGSEGV crash in slirp networking code 2009-02-06 21:37:40 +00:00
target-alpha targets: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:11 +00:00
target-arm Fix cpu_arm_handle_mmu_fault warning 2009-02-07 15:19:20 +00:00
target-cris CRIS: Fix remaining build warnings. 2009-02-22 11:59:59 +00:00
target-i386 x86: use qemu_log_mask on triple faults (Chris Wright) 2009-02-27 20:05:13 +00:00
target-m68k Fix ColdFire fmovem. Free the temporary we just allocated rather than some 2009-02-24 22:17:35 +00:00
target-mips targets: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:11 +00:00
target-ppc target-ppc: improve mfcr/mtcrf 2009-03-03 06:12:14 +00:00
target-sh4 SH4: Fixed last UTLB unused and URB/URC management 2009-03-03 09:14:01 +00:00
target-sparc Turn MMUs and caches off on reset 2009-02-21 11:13:51 +00:00
tcg TCG: remove obsolete old_op_count profiler field 2009-02-11 19:47:39 +00:00
tests Get rid of user_mode_only 2009-01-14 19:40:27 +00:00
.gitignore Extend gitignore (Jan Kiszka) 2009-01-22 17:15:25 +00:00
COPYING
COPYING.LIB Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
Changelog
LICENSE
MAINTAINERS
Makefile build system: Further improve quiet mode (Jan Kiszka) 2009-01-26 17:07:46 +00:00
Makefile.target kvm/powerpc: Add MPC8544DS board support 2009-03-02 16:42:42 +00:00
README
TODO
VERSION
a.out.h
aes.c
aes.h
aio.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
alpha-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
alpha.ld
arm-dis.c
arm-semi.c Fix more FSF addresses 2009-01-05 18:11:53 +00:00
arm.ld
balloon.h
block-bochs.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-cloop.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-cow.c
block-dmg.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-nbd.c
block-parallels.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-qcow.c qcow1: Fix compressed images (Kevin Wolf) 2009-01-08 19:29:03 +00:00
block-qcow2.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-raw-posix.c fix raw_aio_remove (Stefano Stabellini) 2009-02-26 16:40:19 +00:00
block-raw-win32.c
block-vmdk.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-vpc.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block-vvfat.c block: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:05:53 +00:00
block.c Fix CVE-2008-0928 - insufficient block device address range checking (Anthony Liguori) 2009-03-03 17:37:16 +00:00
block.h qcow2 format: keep 'num_free_bytes', and show it upon 'info blockstats' (Uri Lublin) 2009-01-22 18:57:34 +00:00
block_int.h Fix CVE-2008-0928 - insufficient block device address range checking (Anthony Liguori) 2009-03-03 17:37:16 +00:00
bswap.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
bt-host.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
bt-vhci.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
buffered_file.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
buffered_file.h
cache-utils.c Properly initialize len argument of sysctl and include stdio.h (perror) 2009-02-04 20:39:09 +00:00
cache-utils.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
cocoa.m
configure Darwin: Check for x86_64 only on i386 2009-02-23 14:11:10 +00:00
console.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
console.h vnc fixes and improvements (Stefano Stabellini) 2009-01-26 15:37:30 +00:00
cpu-all.h qemu: add cpu_unregister_io_memory and make io mem table index dynamic (Marcelo Tosatti) 2009-02-11 15:20:58 +00:00
cpu-defs.h Get rid of user_mode_only 2009-01-14 19:40:27 +00:00
cpu-exec.c global s/loglevel & X/qemu_loglevel_mask(X)/ (Eduardo Habkost) 2009-01-15 22:36:53 +00:00
cris-dis.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
curses.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
curses_keys.h
cutils.c Add qemu_iovec_reset() (Avi Kivity) 2009-02-05 21:23:54 +00:00
d3des.c
d3des.h
def-helper.h
device_tree.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
device_tree.h
dis-asm.h Update ppc-dis.c from binutils 2.17 2009-02-09 19:58:22 +00:00
disas.c Allow disassembling last addresses of the address space 2009-02-13 21:44:41 +00:00
disas.h
dma-helpers.c Introduce block dma helpers (Avi Kivity) 2009-02-05 21:23:58 +00:00
dma.h Introduce block dma helpers (Avi Kivity) 2009-02-05 21:23:58 +00:00
dyngen-exec.h Remove unused code from dyngen-exec.h 2009-02-09 18:28:36 +00:00
elf.h
elf_ops.h
exec-all.h Remove GenOpFunc typedefs 2009-02-08 17:17:52 +00:00
exec.c Fix unassigned region offsets. 2009-02-23 13:16:07 +00:00
feature_to_c.sh
gdbstub.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
gdbstub.h User-mode GDB stub improvements - handle signals 2008-12-18 22:44:13 +00:00
gen-icount.h
host-utils.c
host-utils.h
hostregs_helper.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
hpet.h
hppa-dis.c
hppa.ld
i386-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
i386.ld
ia64.ld
keymaps.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
kqemu.c Convert references to logfile/loglevel to use qemu_log*() macros 2009-01-15 22:34:14 +00:00
kqemu.h
kvm-all.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
kvm.h
libfdt_env.h
loader.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
m68k-dis.c
m68k-semi.c Fix more FSF addresses 2009-01-05 18:11:53 +00:00
m68k.ld
migration-exec.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
migration-tcp.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
migration.c
migration.h
mips-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
mips.ld
mipsel.ld
monitor.c SH4: Added monitoring of TLBs 2009-03-03 06:12:22 +00:00
nbd.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
nbd.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
net-checksum.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
net.c net socket verify packet size (Dustin Kirkland) 2009-02-27 19:54:01 +00:00
net.h qemu: PCI device, disk and host network hot-add / hot-remove (Marcelo Tosatti) 2009-02-11 15:21:54 +00:00
osdep.c
osdep.h snapshot subcommand for qemu-img (Kevin Wolf) 2009-01-07 17:40:15 +00:00
pci-ids.txt List virtio console device in pci-ids.txt 2009-01-24 16:37:31 +00:00
posix-aio-compat.c Properly handle pthread_cond_timedwait timing out 2009-02-21 05:48:19 +00:00
posix-aio-compat.h Rename sigev_signo to avoid FreeBSD problems (Juergen Lock) 2009-01-24 11:54:21 +00:00
ppc-dis.c Update ppc-dis.c from binutils from 4th July, 2007, just before GPLv3 switch 2009-02-09 19:59:57 +00:00
ppc.ld
ppc64.ld
qemu-aio.h
qemu-binfmt-conf.sh
qemu-char.c qemu_chr_open_tcp: allow ipv4 and ipv6 options 2009-02-09 20:09:29 +00:00
qemu-char.h add an init function parameter to qemu_chr_open() 2009-01-18 14:08:04 +00:00
qemu-common.h Add qemu_iovec_reset() (Avi Kivity) 2009-02-05 21:23:54 +00:00
qemu-doc.texi chroot and change user support (Nolan) 2009-02-27 22:09:45 +00:00
qemu-img.c Make qemu-img argument handling POSIX compliant 2009-02-09 18:14:31 +00:00
qemu-img.texi Synch code, help and docs 2009-01-24 18:19:25 +00:00
qemu-lock.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
qemu-log.h Define macros that will become the new logging API (Eduardo Habkost) 2009-01-15 21:52:11 +00:00
qemu-malloc.c Fix qemu_realloc() (Kevin Wolf) 2009-02-11 21:00:32 +00:00
qemu-nbd.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
qemu-nbd.texi
qemu-sockets.c Fix some more warnings 2009-01-14 18:34:22 +00:00
qemu-tech.texi
qemu-timer.h
qemu-tool.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
qemu_socket.h
readline.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
rules.mak build system: Further improve quiet mode (Jan Kiszka) 2009-01-26 17:07:46 +00:00
s390-dis.c
s390.ld
savevm.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
sdl.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
sdl_keysym.h
sh4-dis.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
softmmu-semi.h
softmmu_defs.h
softmmu_exec.h
softmmu_header.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
softmmu_template.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
sparc-dis.c Make OpenBSD sparc-softmmu compile warning free 2009-01-14 18:08:08 +00:00
sparc.ld
sparc64.ld
sys-queue.h
sysemu.h qemu: PCI device, disk and host network hot-add / hot-remove (Marcelo Tosatti) 2009-02-11 15:21:54 +00:00
tap-win32.c Add a -net name=foo parameter (Mark McLoughlin) 2009-01-07 17:48:51 +00:00
texi2pod.pl
thunk.c Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
thunk.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
translate-all.c global s/loglevel & X/qemu_loglevel_mask(X)/ (Eduardo Habkost) 2009-01-15 22:36:53 +00:00
uboot_image.h Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
usb-bsd.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
usb-linux.c toplevel: remove error handling from qemu_malloc() callers (Avi Kivity) 2009-02-05 22:06:18 +00:00
usb-stub.c
vgafont.h
vl.c Change default werror semantics from "report" to "enospc" 2009-02-28 16:51:01 +00:00
vnc.c Support multiple VNC clients (Brian Kress) 2009-02-16 14:59:30 +00:00
vnc.h Support multiple VNC clients (Brian Kress) 2009-02-16 14:59:30 +00:00
vnc_keysym.h Fix AltGr and dead keys with VNC 2009-02-09 23:19:32 +00:00
vnchextile.h exploiting the new interface in vnc.c (Stefano Stabellini) 2009-01-15 22:17:38 +00:00
x86_64.ld
x_keymap.c

README

Read the documentation in qemu-doc.html.

Fabrice Bellard.