qemu-e2k/qga
Philippe Mathieu-Daudé 1329651fb4 qga: Restrict guest-file-read count to 48 MB to avoid crashes
On [*] Daniel Berrangé commented:

  The QEMU guest agent protocol is not sensible way to access huge
  files inside the guest. It requires the inefficient process of
  reading the entire data into memory than duplicating it again in
  base64 format, and then copying it again in the JSON serializer /
  monitor code.

  For arbitrary general purpose file access, especially for large
  files, use a real file transfer program or use a network block
  device, not the QEMU guest agent.

To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his
suggestion to put a low, hard limit on "count" in the guest agent
QAPI schema, and don't allow count to be larger than 48 MB.

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html

Fixes: CVE-2018-12617
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054
Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
*update schema documentation to indicate 48MB limit instead of 10MB
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2020-04-15 09:18:48 -05:00
..
installer qga: Installer: Wait for installation to finish 2020-03-24 11:32:19 -05:00
vss-win32 qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error 2020-03-24 11:32:19 -05:00
Makefile.objs qapi: Generate command registration stuff into separate files 2020-01-14 11:01:58 +01:00
channel-posix.c socket: Add backlog parameter to socket_listen 2019-09-03 23:24:42 +02:00
channel-win32.c qga: Fix a memory leak 2020-03-09 13:36:15 +01:00
channel.h qga: add systemd socket activation support 2017-03-06 00:54:18 -06:00
commands-common.h qga: Extract qmp_guest_file_read() to common commands.c 2020-04-15 09:15:53 -05:00
commands-posix.c qga: Extract qmp_guest_file_read() to common commands.c 2020-04-15 09:15:53 -05:00
commands-win32.c qga: Extract qmp_guest_file_read() to common commands.c 2020-04-15 09:15:53 -05:00
commands.c qga: Restrict guest-file-read count to 48 MB to avoid crashes 2020-04-15 09:18:48 -05:00
guest-agent-command-state.c qga: use local path for local headers 2018-06-01 19:20:38 +03:00
guest-agent-core.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
main.c qemu-ga: document vsock-listen in the man page 2020-03-24 11:32:19 -05:00
qapi-schema.json qga: Restrict guest-file-read count to 48 MB to avoid crashes 2020-04-15 09:18:48 -05:00
service-win32.c qga: Remove unnecessary glib.h includes 2016-06-07 18:19:24 +03:00
service-win32.h qga-win: changing --retry-path option behavior 2018-10-31 09:04:20 -05:00
vss-win32.c qga-win: add support for qmp_guest_fsfreeze_freeze_list 2018-10-30 16:48:49 -05:00
vss-win32.h qga-win: add support for qmp_guest_fsfreeze_freeze_list 2018-10-30 16:48:49 -05:00