mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/block
History
Stefan Hajnoczi d65f97a82c block/cloop: validate block_size header field (CVE-2014-0144) 
Avoid unbounded s->uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value.  Also enforce the
assumption that the value is a non-zero multiple of 512.

These constraints conform to cloop 2.639's code so we accept existing
image files.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
..
backup.c
block: Switch BdrvTrackedRequest to byte granularity
2014-01-24 17:40:02 +01:00
blkdebug.c
block: Remove bdrv_open_image()'s force_raw option
2014-02-21 21:02:22 +01:00
blkverify.c
block: Rewrite the snapshot authorization mechanism for block filters.
2014-03-13 14:23:27 +01:00
bochs.c
block: do not abuse EMEDIUMTYPE
2014-02-21 21:02:24 +01:00
cloop.c
block/cloop: validate block_size header field (CVE-2014-0144)
2014-04-01 13:59:47 +02:00
commit.c
commit: Remove unused check
2013-12-20 16:26:16 +01:00
cow.c
block: do not abuse EMEDIUMTYPE
2014-02-21 21:02:24 +01:00
curl.c
curl: correctly propagate errors
2014-02-21 21:02:23 +01:00
dmg.c
gluster.c
Fixed various typos
2014-03-25 14:09:50 +01:00
iscsi.c
iscsi: Use bs->sg for everything else than disks
2014-03-05 16:58:20 +01:00
linux-aio.c
Makefile.objs
Block patches
2014-02-25 10:50:11 +00:00
mirror.c
mirror: fix early wake from sleep due to aio
2014-03-25 14:09:50 +01:00
nbd-client.c
nbd: close socket if connection breaks
2014-03-14 16:28:28 +01:00
nbd-client.h
nbd: pass export name as init argument
2013-12-16 10:12:20 +01:00
nbd.c
nbd: correctly propagate errors
2014-02-21 21:02:22 +01:00
nfs.c
block/nfs: report errors from libnfs
2014-03-19 09:39:41 +01:00
parallels.c
block: do not abuse EMEDIUMTYPE
2014-02-21 21:02:24 +01:00
qapi.c
Use error_is_set() only when necessary
2014-02-17 11:57:23 -05:00
qcow2-cache.c
qcow2: Use negated overflow check mask
2013-10-11 16:50:00 +02:00
qcow2-cluster.c
qcow2: Check bs->drv in copy_sectors()
2014-03-13 14:23:27 +01:00
qcow2-refcount.c
qcow2: Fix fail path in realloc_refcount_block()
2014-03-19 09:39:41 +01:00
qcow2-snapshot.c
block: Don't throw away errno via error_setg
2014-02-14 18:05:38 +01:00
qcow2.c
qcow2: fix two memory leaks in qcow2_open error code path
2014-04-01 13:49:53 +02:00
qcow2.h
qcow2: remove n_start and n_end of qcow2_alloc_cluster_offset()
2014-02-09 09:12:39 +01:00
qcow.c
Fixed various typos
2014-03-25 14:09:50 +01:00
qed-check.c
qed-cluster.c
qed-gencb.c
qed-l2-cache.c
qed-table.c
qed.c
block: Add error handling to bdrv_invalidate_cache()
2014-03-19 09:39:41 +01:00
qed.h
block: qed - use QEMU_PACKED for on-disk structures
2013-09-25 20:51:15 +02:00
quorum.c
block: Add error handling to bdrv_invalidate_cache()
2014-03-19 09:39:41 +01:00
raw_bsd.c
Use error_is_set() only when necessary
2014-02-17 11:57:23 -05:00
raw-aio.h
raw-posix: add support for write_zeroes on XFS and block devices
2013-12-03 15:26:49 +01:00
raw-posix.c
block/raw-posix: Strip protocol prefix on creation
2014-03-13 14:42:25 +01:00
raw-win32.c
block/raw-win32: bdrv_parse_filename() for hdev
2014-03-13 14:42:25 +01:00
rbd.c
Use error_is_set() only when necessary
2014-02-17 11:57:23 -05:00
sheepdog.c
Fixed various typos
2014-03-25 14:09:50 +01:00
snapshot.c
Use error_is_set() only when necessary
2014-02-17 11:57:23 -05:00
ssh.c
stream.c
block: Update BlockLimits when they might have changed
2014-01-24 17:40:01 +01:00
vdi.c
Fixed various typos
2014-03-25 14:09:50 +01:00
vhdx-endian.c
block: vhdx - move more endian translations to vhdx-endian.c
2013-11-07 13:58:59 +01:00
vhdx-log.c
Fixed various typos
2014-03-25 14:09:50 +01:00
vhdx.c
vhdx: correctly propagate errors
2014-02-21 21:02:23 +01:00
vhdx.h
block: Explicitly specify 'unsigned long long' for VHDX 64-bit constants
2014-03-14 16:25:24 +01:00
vmdk.c
block/vmdk: do not report file offset for compressed extents
2014-02-28 18:59:07 +01:00
vpc.c
block: do not abuse EMEDIUMTYPE
2014-02-21 21:02:24 +01:00
vvfat.c
vvfat: Fix :floppy: option to suppress partition table
2014-04-01 13:49:53 +02:00
win32-aio.c