|
| From: | Anthony Liguori |
| Subject: | Re: [Qemu-devel] [PATCH] raw: Fix image header protection |
| Date: | Thu, 09 Sep 2010 08:16:49 -0500 |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.11) Gecko/20100713 Lightning/1.0b1 Thunderbird/3.0.6 |
On 09/09/2010 08:02 AM, Kevin Wolf wrote:
Or instead of completely removing it, we could add a size limit, though I suspect that would mean violating some specs.One thing I was thinking of trying was splitting off the first sector into a linear buffer, then allocating a new iovec and adjusting the new iovec to cover the new request minus the first sector.That doesn't help any of the other use cases. Either we consider it a problem or not. If we do, it must be fixed everywhere.
Yes, it's a problem. In other places in the code base, we go to incredible lengths to avoid unbounded allocations.
I think we have to two choices: 1) refactor all of the code to not require qemu_iovec_to_buffer() or 2) cap the request size and fail a request if it's greater.
Regards, Anthony Liguori
Kevin
| [Prev in Thread] | Current Thread | [Next in Thread] |