qemu/block
Stefan Hajnoczi fb6d1bbd24 block/curl: disable extra protocols to prevent CVE-2013-0249
There is a buffer overflow in libcurl POP3/SMTP/IMAP.  The workaround is
simple: disable extra protocols so that they cannot be exploited.  Full
details here:

  http://curl.haxx.se/docs/adv_20130206.html

QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP.  I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:20 -06:00
..
blkdebug.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
blkverify.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
bochs.c bochs: Fix bdrv_open() error handling 2013-02-01 14:58:28 +01:00
cloop.c cloop: Fix bdrv_open() error handling 2013-02-01 14:58:28 +01:00
commit.c block: fix null-pointer bug on error case in block commit 2013-01-17 10:51:11 +01:00
cow.c block: Use error code EMEDIUMTYPE for wrong format in some block drivers 2013-01-25 18:18:35 +01:00
curl.c block/curl: disable extra protocols to prevent CVE-2013-0249 2013-02-08 11:14:20 -06:00
dmg.c dmg: Use g_free instead of free 2013-02-01 14:58:29 +01:00
gluster.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
iscsi.c iscsi: add support for iovectors 2013-01-24 15:37:55 +01:00
linux-aio.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
Makefile.objs build: move rules from Makefile to */Makefile.objs 2012-12-19 08:29:06 +01:00
mirror.c mirror: do nothing on zero-sized disk 2013-01-25 18:18:35 +01:00
nbd.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
parallels.c parallels: Fix bdrv_open() error handling 2013-02-01 14:58:29 +01:00
qcow2-cache.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
qcow2-cluster.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
qcow2-refcount.c g_malloc(0) and g_malloc0(0) return NULL; simplify 2013-01-30 11:14:46 +01:00
qcow2-snapshot.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
qcow2.c block: Use error code EMEDIUMTYPE for wrong format in some block drivers 2013-01-25 18:18:35 +01:00
qcow2.h block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
qcow.c block: Use error code EMEDIUMTYPE for wrong format in some block drivers 2013-01-25 18:18:35 +01:00
qed-check.c qed: mark image clean after repair succeeds 2012-08-10 10:25:12 +02:00
qed-cluster.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-gencb.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
qed-l2-cache.c qed: do not evict in-use L2 table cache entries 2012-03-12 15:14:06 +01:00
qed-table.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qed.c block: Use error code EMEDIUMTYPE for wrong format in some block drivers 2013-01-25 18:18:35 +01:00
qed.h block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
raw-aio.h block: make discard asynchronous 2013-01-15 10:03:47 +01:00
raw-posix.c block/raw-posix: Build fix for O_ASYNC 2013-02-01 15:11:12 +01:00
raw-win32.c block/raw-win32: Fix compiler warnings (wrong format specifiers) 2013-01-02 16:08:57 +01:00
raw.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
rbd.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
sheepdog.c sheepdog: pass vdi_id to sheep daemon for sd_close() 2013-02-01 14:58:28 +01:00
stream.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
vdi.c g_malloc(0) and g_malloc0(0) return NULL; simplify 2013-01-30 11:14:46 +01:00
vmdk.c vmdk: Allow space in file name 2013-02-01 14:58:29 +01:00
vpc.c vpc: Fix bdrv_open() error handling 2013-02-01 14:58:28 +01:00
vvfat.c Replace remaining gmtime, localtime by gmtime_r, localtime_r 2013-01-11 09:44:37 +01:00
win32-aio.c win32-aio: use iov utility functions instead of open-coding them 2013-01-18 09:57:51 +01:00