aboutsummaryrefslogtreecommitdiff
path: root/block-qcow.c
diff options
context:
space:
mode:
authoraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>2008-03-11 17:17:59 +0000
committeraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>2008-03-11 17:17:59 +0000
commit902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe (patch)
tree88c3355a4eaf8533669c87a6dab7c8a4afcd8557 /block-qcow.c
parentb94ed5772eb31e8fad4b823351e8152839bf722a (diff)
downloadqemu-902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe.zip
qemu-902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe.tar.gz
qemu-902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe.tar.bz2
Fix CVE-2008-0928 - insufficient block device address range checking
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4037 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'block-qcow.c')
-rw-r--r--block-qcow.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/block-qcow.c b/block-qcow.c
index 730ae67..7de8a3f 100644
--- a/block-qcow.c
+++ b/block-qcow.c
@@ -95,7 +95,7 @@ static int qcow_open(BlockDriverState *bs, const char *filename, int flags)
int len, i, shift, ret;
QCowHeader header;
- ret = bdrv_file_open(&s->hd, filename, flags);
+ ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW);
if (ret < 0)
return ret;
if (bdrv_pread(s->hd, 0, &header, sizeof(header)) != sizeof(header))