]> xenbits.xensource.com Git - qemu-upstream-4.4-testing.git/commit
projects / qemu-upstream-4.4-testing.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d961961) | patch
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
authorJeff Cody <jcody@redhat.com>
Wed, 26 Mar 2014 12:05:39 +0000 (13:05 +0100)
committerStefano Stabellini <stefano.stabellini@eu.citrix.com>
Thu, 5 Mar 2015 14:53:16 +0000 (14:53 +0000)
commite86cc068c2206a08b4552c513b0e3290ed681dd1
treef5185732f9379f90a096da4ae646968e1f9c2706tree
parentd961961ec93227065fd343f5725a1ff756d6981fcommit | diff
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)

Other variables (e.g. sectors_per_block) are calculated using these
variables, and if not range-checked illegal values could be obtained
causing infinite loops and other potential issues when calculating
BAT entries.

The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB.
LogicalSectorSize is required to be either 512 or 4096 bytes.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
block/vhdx.c diff | blob | history
block/vhdx.h diff | blob | history
Obsolete Upstream Qemu based repository for xen-4.4-testing