qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH for-2.0 17/47] vhdx: Bounds checking for block_s

From: Max Reitz
Subject: Re: [Qemu-devel] [PATCH for-2.0 17/47] vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
Date: Wed, 26 Mar 2014 21:26:56 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 
On 26.03.2014 13:05, Stefan Hajnoczi wrote:

From: Jeff Cody <address@hidden>

Other variables (e.g. sectors_per_block) are calculated using these
variables, and if not range-checked illegal values could be obtained
causing infinite loops and other potential issues when calculating
BAT entries.

The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB.
LogicalSectorSize is required to be either 512 or 4096 bytes.

Reported-by: Kevin Wolf <address@hidden>
Signed-off-by: Jeff Cody <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
  block/vhdx.c | 12 ++++++++++--
  1 file changed, 10 insertions(+), 2 deletions(-)


Reviewed-by: Max Reitz <address@hidden>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]