qemu/block
Kevin Wolf c05e4667be qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
For the L1 table to be loaded for an internal snapshot, the code allocated
only enough memory to hold the currently active L1 table. If the
snapshot's L1 table is actually larger than the current one, this leads
to a buffer overflow.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
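The mistake the commit message describes, sizing the buffer from the active L1 table and then filling it with the snapshot's L1 table, is easy to reproduce in miniature. The following C program is an added illustration written for this page; it is not QEMU's code and does not reproduce qcow2's structures. The buggy path is modelled by computing how far the copy would overrun rather than performing the out-of-bounds write, so the program is safe to run. The type and function names (`snapshot_rec`, `image_state`, `load_snapshot_l1_fixed`), the `MAX_L1_ENTRIES` cap and the sample table contents are all assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative cap on L1 entries (assumption for this example; the real limit
 * is whatever the image format's loader enforces). */
#define MAX_L1_ENTRIES (1u << 20)

/* Constructed stand-in for the metadata a loader reads from the image header
 * and the snapshot table. l1_size comes from the (untrusted) image file. */
struct snapshot_rec {
    uint32_t        l1_size;     /* number of 64-bit entries in the snapshot's L1 */
    const uint64_t *l1_on_disk;  /* the snapshot's L1 entries, as "read" from the file */
};

struct image_state {
    uint32_t active_l1_size;     /* entries in the currently active L1 table */
};

/* Buggy pattern: buffer sized from the ACTIVE L1 table, then filled with the
 * SNAPSHOT's L1 table. Rather than performing the out-of-bounds write, this
 * returns how many bytes would land past the end of the allocation
 * (0 means the copy would fit). */
uint64_t vulnerable_overflow_bytes(const struct image_state *bs,
                                   const struct snapshot_rec *sn)
{
    uint64_t allocated = (uint64_t)bs->active_l1_size * sizeof(uint64_t);
    uint64_t needed    = (uint64_t)sn->l1_size * sizeof(uint64_t);
    return needed > allocated ? needed - allocated : 0;
}

/* Fixed pattern: bound the untrusted size first, then allocate from the
 * snapshot's own l1_size so the buffer always matches what is copied into it.
 * Returns 0 and a heap copy (caller frees) on success, -EFBIG if the size is
 * implausible, -ENOMEM on allocation failure. */
int load_snapshot_l1_fixed(const struct snapshot_rec *sn,
                           uint64_t **out, size_t *out_entries)
{
    if (sn->l1_size > MAX_L1_ENTRIES) {
        return -EFBIG;
    }
    size_t entries = sn->l1_size;
    uint64_t *table = calloc(entries ? entries : 1, sizeof(uint64_t));
    if (!table) {
        return -ENOMEM;
    }
    /* Simulated read of the table from the image: copy exactly l1_size entries. */
    memcpy(table, sn->l1_on_disk, entries * sizeof(uint64_t));
    *out = table;
    *out_entries = entries;
    return 0;
}

/* Constructed sample data: the active table has 2 entries, the snapshot 8. */
static const uint64_t sample_snapshot_l1[8] = {
    0x10000, 0x20000, 0x30000, 0x40000, 0x50000, 0x60000, 0x70000, 0x80000
};
static const struct image_state sample_bs = { 2 };
static const struct snapshot_rec sample_sn = { 8, sample_snapshot_l1 };

/* Bytes the buggy loader would write past a 2-entry buffer: (8 - 2) * 8 = 48. */
uint64_t demo_overflow_bytes(void)
{
    return vulnerable_overflow_bytes(&sample_bs, &sample_sn);
}

/* 1 if the fixed loader copies all 8 entries intact, 0 otherwise. */
int demo_fixed_copies_all(void)
{
    uint64_t *table = NULL;
    size_t n = 0;
    if (load_snapshot_l1_fixed(&sample_sn, &table, &n) != 0) {
        return 0;
    }
    int ok = (n == 8) && memcmp(table, sample_snapshot_l1, sizeof sample_snapshot_l1) == 0;
    free(table);
    return ok;
}

/* The fixed loader refuses a header claiming more entries than the cap. */
int demo_fixed_rejects_huge(void)
{
    struct snapshot_rec huge = { MAX_L1_ENTRIES + 1, sample_snapshot_l1 };
    uint64_t *table = NULL;
    size_t n = 0;
    return load_snapshot_l1_fixed(&huge, &table, &n);
}

int main(void)
{
    printf("buggy loader would overflow by %llu bytes\n",
           (unsigned long long)demo_overflow_bytes());
    printf("fixed loader copies all entries: %d\n", demo_fixed_copies_all());
    printf("fixed loader rejects oversized L1: %d\n", demo_fixed_rejects_huge());
    return 0;
}
```

The point the example makes is that the size used for the allocation and the size used for the copy must come from the same field, and that field must be bounded before it drives an allocation, because both values originate in an image file the guest owner or a malicious image supplier controls. Checking the cap before multiplying also avoids the separate problem of a size-times-entry-width overflow on narrow `size_t`.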
Makefile.objs Block patches 2014-02-25 10:50:11 +00:00
backup.c block: Switch BdrvTrackedRequest to byte granularity 2014-01-24 17:40:02 +01:00
blkdebug.c block: Remove bdrv_open_image()'s force_raw option 2014-02-21 21:02:22 +01:00
blkverify.c block: Rewrite the snapshot authorization mechanism for block filters. 2014-03-13 14:23:27 +01:00
bochs.c bochs: Fix bitmap offset calculation 2014-04-01 13:59:47 +02:00
cloop.c block/cloop: fix offsets[] size off-by-one 2014-04-01 13:59:47 +02:00
commit.c commit: Remove unused check 2013-12-20 16:26:16 +01:00
cow.c block: do not abuse EMEDIUMTYPE 2014-02-21 21:02:24 +01:00
curl.c curl: check data size before memcpy to local buffer. (CVE-2014-0144) 2014-04-01 14:19:09 +02:00
dmg.c dmg: prevent chunk buffer overflow (CVE-2014-0145) 2014-04-01 15:22:35 +02:00
gluster.c Fixed various typos 2014-03-25 14:09:50 +01:00
iscsi.c iscsi: Use bs->sg for everything else than disks 2014-03-05 16:58:20 +01:00
linux-aio.c aio: drop io_flush argument 2013-08-19 15:52:19 +02:00
mirror.c mirror: fix early wake from sleep due to aio 2014-03-25 14:09:50 +01:00
nbd-client.c nbd: close socket if connection breaks 2014-03-14 16:28:28 +01:00
nbd-client.h nbd: pass export name as init argument 2013-12-16 10:12:20 +01:00
nbd.c nbd: correctly propagate errors 2014-02-21 21:02:22 +01:00
nfs.c block/nfs: report errors from libnfs 2014-03-19 09:39:41 +01:00
parallels.c block: do not abuse EMEDIUMTYPE 2014-02-21 21:02:24 +01:00
qapi.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
qcow.c Fixed various typos 2014-03-25 14:09:50 +01:00
qcow2-cache.c qcow2: Use negated overflow check mask 2013-10-11 16:50:00 +02:00
qcow2-cluster.c qcow2: Fix copy_sectors() with VM state 2014-04-01 15:22:35 +02:00
qcow2-refcount.c qcow2: Protect against some integer overflows in bdrv_check 2014-04-01 15:22:35 +02:00
qcow2-snapshot.c qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) 2014-04-01 15:22:35 +02:00
qcow2.c qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146) 2014-04-01 15:22:35 +02:00
qcow2.h qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref 2014-04-01 15:22:34 +02:00
qed-check.c qed: mark image clean after repair succeeds 2012-08-10 10:25:12 +02:00
qed-cluster.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-gencb.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-l2-cache.c qed: do not evict in-use L2 table cache entries 2012-03-12 15:14:06 +01:00
qed-table.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qed.c block: Add error handling to bdrv_invalidate_cache() 2014-03-19 09:39:41 +01:00
qed.h block: qed - use QEMU_PACKED for on-disk structures 2013-09-25 20:51:15 +02:00
quorum.c block: Add error handling to bdrv_invalidate_cache() 2014-03-19 09:39:41 +01:00
raw-aio.h raw-posix: add support for write_zeroes on XFS and block devices 2013-12-03 15:26:49 +01:00
raw-posix.c block/raw-posix: Strip protocol prefix on creation 2014-03-13 14:42:25 +01:00
raw-win32.c block/raw-win32: bdrv_parse_filename() for hdev 2014-03-13 14:42:25 +01:00
raw_bsd.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
rbd.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
sheepdog.c Fixed various typos 2014-03-25 14:09:50 +01:00
snapshot.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
ssh.c bdrv: Use "Error" for creating images 2013-09-12 10:12:48 +02:00
stream.c block: Update BlockLimits when they might have changed 2014-01-24 17:40:01 +01:00
vdi.c vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) 2014-04-01 14:06:31 +02:00
vhdx-endian.c block: vhdx - move more endian translations to vhdx-endian.c 2013-11-07 13:58:59 +01:00
vhdx-log.c Fixed various typos 2014-03-25 14:09:50 +01:00
vhdx.c vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148) 2014-04-01 14:19:09 +02:00
vhdx.h block: Explicitly specify 'unsigned long long' for VHDX 64-bit constants 2014-03-14 16:25:24 +01:00
vmdk.c block/vmdk: do not report file offset for compressed extents 2014-02-28 18:59:07 +01:00
vpc.c vpc: Validate block size (CVE-2014-0142) 2014-04-01 13:59:47 +02:00
vvfat.c vvfat: Fix :floppy: option to suppress partition table 2014-04-01 13:49:53 +02:00
win32-aio.c win32-aio: drop win32_aio_flush_cb() 2013-08-22 22:05:04 +02:00