qemu-e2k/block
Jeff Cody 63fa06dc97 vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144)
The maximum blocks_in_image is 0xffffffff / 4, which also limits the
maximum disk_size for a VDI image to 1024TB.  Note that this is the maximum
size that QEMU will currently support with this driver, not necessarily the
maximum size allowed by the image format.

This also fixes an incorrect error message, a bug introduced by commit
5b7aa9b56d (Reported by Stefan Weil)

Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:06:31 +02:00
..
backup.c block: Switch BdrvTrackedRequest to byte granularity 2014-01-24 17:40:02 +01:00
blkdebug.c block: Remove bdrv_open_image()'s force_raw option 2014-02-21 21:02:22 +01:00
blkverify.c block: Rewrite the snapshot authorization mechanism for block filters. 2014-03-13 14:23:27 +01:00
bochs.c bochs: Fix bitmap offset calculation 2014-04-01 13:59:47 +02:00
cloop.c block/cloop: fix offsets[] size off-by-one 2014-04-01 13:59:47 +02:00
commit.c commit: Remove unused check 2013-12-20 16:26:16 +01:00
cow.c block: do not abuse EMEDIUMTYPE 2014-02-21 21:02:24 +01:00
curl.c curl: correctly propagate errors 2014-02-21 21:02:23 +01:00
dmg.c bdrv: Use "Error" for opening images 2013-09-12 10:12:47 +02:00
gluster.c Fixed various typos 2014-03-25 14:09:50 +01:00
iscsi.c iscsi: Use bs->sg for everything else than disks 2014-03-05 16:58:20 +01:00
linux-aio.c aio: drop io_flush argument 2013-08-19 15:52:19 +02:00
Makefile.objs Block patches 2014-02-25 10:50:11 +00:00
mirror.c mirror: fix early wake from sleep due to aio 2014-03-25 14:09:50 +01:00
nbd-client.c nbd: close socket if connection breaks 2014-03-14 16:28:28 +01:00
nbd-client.h nbd: pass export name as init argument 2013-12-16 10:12:20 +01:00
nbd.c nbd: correctly propagate errors 2014-02-21 21:02:22 +01:00
nfs.c block/nfs: report errors from libnfs 2014-03-19 09:39:41 +01:00
parallels.c block: do not abuse EMEDIUMTYPE 2014-02-21 21:02:24 +01:00
qapi.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
qcow2-cache.c qcow2: Use negated overflow check mask 2013-10-11 16:50:00 +02:00
qcow2-cluster.c qcow2: Check bs->drv in copy_sectors() 2014-03-13 14:23:27 +01:00
qcow2-refcount.c qcow2: Fix fail path in realloc_refcount_block() 2014-03-19 09:39:41 +01:00
qcow2-snapshot.c block: Don't throw away errno via error_setg 2014-02-14 18:05:38 +01:00
qcow2.c qcow2: fix two memory leaks in qcow2_open error code path 2014-04-01 13:49:53 +02:00
qcow2.h qcow2: remove n_start and n_end of qcow2_alloc_cluster_offset() 2014-02-09 09:12:39 +01:00
qcow.c Fixed various typos 2014-03-25 14:09:50 +01:00
qed-check.c
qed-cluster.c
qed-gencb.c
qed-l2-cache.c
qed-table.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qed.c block: Add error handling to bdrv_invalidate_cache() 2014-03-19 09:39:41 +01:00
qed.h block: qed - use QEMU_PACKED for on-disk structures 2013-09-25 20:51:15 +02:00
quorum.c block: Add error handling to bdrv_invalidate_cache() 2014-03-19 09:39:41 +01:00
raw_bsd.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
raw-aio.h raw-posix: add support for write_zeroes on XFS and block devices 2013-12-03 15:26:49 +01:00
raw-posix.c block/raw-posix: Strip protocol prefix on creation 2014-03-13 14:42:25 +01:00
raw-win32.c block/raw-win32: bdrv_parse_filename() for hdev 2014-03-13 14:42:25 +01:00
rbd.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
sheepdog.c Fixed various typos 2014-03-25 14:09:50 +01:00
snapshot.c Use error_is_set() only when necessary 2014-02-17 11:57:23 -05:00
ssh.c bdrv: Use "Error" for creating images 2013-09-12 10:12:48 +02:00
stream.c block: Update BlockLimits when they might have changed 2014-01-24 17:40:01 +01:00
vdi.c vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) 2014-04-01 14:06:31 +02:00
vhdx-endian.c block: vhdx - move more endian translations to vhdx-endian.c 2013-11-07 13:58:59 +01:00
vhdx-log.c Fixed various typos 2014-03-25 14:09:50 +01:00
vhdx.c vhdx: correctly propagate errors 2014-02-21 21:02:23 +01:00
vhdx.h block: Explicitly specify 'unsigned long long' for VHDX 64-bit constants 2014-03-14 16:25:24 +01:00
vmdk.c block/vmdk: do not report file offset for compressed extents 2014-02-28 18:59:07 +01:00
vpc.c vpc: Validate block size (CVE-2014-0142) 2014-04-01 13:59:47 +02:00
vvfat.c vvfat: Fix :floppy: option to suppress partition table 2014-04-01 13:49:53 +02:00
win32-aio.c win32-aio: drop win32_aio_flush_cb() 2013-08-22 22:05:04 +02:00