motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-07 17:53:56 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

qcow2: Check backing_file_offset (CVE-2014-0144)

Browse source 
Header, header extension and the backing file name must all be stored in
the first cluster. Setting the backing file to a much higher value
allowed header extensions to become much bigger than we want them to be
(unbounded allocation).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Kevin Wolf 2014-03-26 13:05:42 +01:00 committed by Stefan Hajnoczi
parent 24342f2cae
commit a1b3955c94
3 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tests/qemu-iotests/080.out
View file

@ -6,4 +6,11 @@ qemu-io: can't open device TEST_DIR/t.qcow2: qcow2 header exceeds cluster size
no file open, try 'help open'
qemu-io: can't open device TEST_DIR/t.qcow2: qcow2 header exceeds cluster size
no file open, try 'help open'
== Huge unknown header extension ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
qemu-io: can't open device TEST_DIR/t.qcow2: Invalid backing file offset
no file open, try 'help open'
qemu-io: can't open device TEST_DIR/t.qcow2: Header extension too large
no file open, try 'help open'
*** done