mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/block
History
Kevin Wolf a1b3955c94 qcow2: Check backing_file_offset (CVE-2014-0144) 
Header, header extension and the backing file name must all be stored in
the first cluster. Setting the backing file to a much higher value
allowed header extensions to become much bigger than we want them to be
(unbounded allocation).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:19:09 +02:00
..
backup.c
block: Switch BdrvTrackedRequest to byte granularity
2014-01-24 17:40:02 +01:00
blkdebug.c
block: Remove bdrv_open_image()'s force_raw option
2014-02-21 21:02:22 +01:00
blkverify.c
block: Rewrite the snapshot authorization mechanism for block filters.
2014-03-13 14:23:27 +01:00
bochs.c
bochs: Fix bitmap offset calculation
2014-04-01 13:59:47 +02:00
cloop.c
block/cloop: fix offsets[] size off-by-one
2014-04-01 13:59:47 +02:00
commit.c
commit: Remove unused check
2013-12-20 16:26:16 +01:00
cow.c
block: do not abuse EMEDIUMTYPE
2014-02-21 21:02:24 +01:00
curl.c
curl: check data size before memcpy to local buffer. (CVE-2014-0144)
2014-04-01 14:19:09 +02:00
dmg.c
gluster.c
Fixed various typos
2014-03-25 14:09:50 +01:00
iscsi.c
iscsi: Use bs->sg for everything else than disks
2014-03-05 16:58:20 +01:00
linux-aio.c
Makefile.objs
Block patches
2014-02-25 10:50:11 +00:00
mirror.c
mirror: fix early wake from sleep due to aio
2014-03-25 14:09:50 +01:00
nbd-client.c
nbd: close socket if connection breaks
2014-03-14 16:28:28 +01:00
nbd-client.h
nbd: pass export name as init argument
2013-12-16 10:12:20 +01:00
nbd.c
nbd: correctly propagate errors
2014-02-21 21:02:22 +01:00
nfs.c
block/nfs: report errors from libnfs
2014-03-19 09:39:41 +01:00
parallels.c
block: do not abuse EMEDIUMTYPE
2014-02-21 21:02:24 +01:00
qapi.c
Use error_is_set() only when necessary
2014-02-17 11:57:23 -05:00
qcow2-cache.c
qcow2-cluster.c
qcow2: Check bs->drv in copy_sectors()
2014-03-13 14:23:27 +01:00
qcow2-refcount.c
qcow2: Fix fail path in realloc_refcount_block()
2014-03-19 09:39:41 +01:00
qcow2-snapshot.c
block: Don't throw away errno via error_setg
2014-02-14 18:05:38 +01:00
qcow2.c
qcow2: Check backing_file_offset (CVE-2014-0144)
2014-04-01 14:19:09 +02:00
qcow2.h
qcow2: remove n_start and n_end of qcow2_alloc_cluster_offset()
2014-02-09 09:12:39 +01:00
qcow.c
Fixed various typos
2014-03-25 14:09:50 +01:00
qed-check.c
qed-cluster.c
qed-gencb.c
qed-l2-cache.c
qed-table.c
qed.c
block: Add error handling to bdrv_invalidate_cache()
2014-03-19 09:39:41 +01:00
qed.h
quorum.c
block: Add error handling to bdrv_invalidate_cache()
2014-03-19 09:39:41 +01:00
raw_bsd.c
Use error_is_set() only when necessary
2014-02-17 11:57:23 -05:00
raw-aio.h
raw-posix: add support for write_zeroes on XFS and block devices
2013-12-03 15:26:49 +01:00
raw-posix.c
block/raw-posix: Strip protocol prefix on creation
2014-03-13 14:42:25 +01:00
raw-win32.c
block/raw-win32: bdrv_parse_filename() for hdev
2014-03-13 14:42:25 +01:00
rbd.c
Use error_is_set() only when necessary
2014-02-17 11:57:23 -05:00
sheepdog.c
Fixed various typos
2014-03-25 14:09:50 +01:00
snapshot.c
Use error_is_set() only when necessary
2014-02-17 11:57:23 -05:00
ssh.c
stream.c
block: Update BlockLimits when they might have changed
2014-01-24 17:40:01 +01:00
vdi.c
vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144)
2014-04-01 14:06:31 +02:00
vhdx-endian.c
vhdx-log.c
Fixed various typos
2014-03-25 14:09:50 +01:00
vhdx.c
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
2014-04-01 14:19:09 +02:00
vhdx.h
block: Explicitly specify 'unsigned long long' for VHDX 64-bit constants
2014-03-14 16:25:24 +01:00
vmdk.c
block/vmdk: do not report file offset for compressed extents
2014-02-28 18:59:07 +01:00
vpc.c
vpc: Validate block size (CVE-2014-0142)
2014-04-01 13:59:47 +02:00
vvfat.c
vvfat: Fix :floppy: option to suppress partition table
2014-04-01 13:49:53 +02:00
win32-aio.c