diff options
author | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-03-11 17:17:59 +0000 |
---|---|---|
committer | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-03-11 17:17:59 +0000 |
commit | 902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe (patch) | |
tree | 88c3355a4eaf8533669c87a6dab7c8a4afcd8557 /block-qcow.c | |
parent | b94ed5772eb31e8fad4b823351e8152839bf722a (diff) | |
download | qemu-902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe.zip qemu-902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe.tar.gz qemu-902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe.tar.bz2 |
Fix CVE-2008-0928 - insufficient block device address range checking
Qemu 0.9.1 and earlier does not perform range checks for block device
read or write requests, which allows guest host users with root
privileges to access arbitrary memory and escape the virtual machine.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4037 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'block-qcow.c')
-rw-r--r-- | block-qcow.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/block-qcow.c b/block-qcow.c index 730ae67..7de8a3f 100644 --- a/block-qcow.c +++ b/block-qcow.c @@ -95,7 +95,7 @@ static int qcow_open(BlockDriverState *bs, const char *filename, int flags) int len, i, shift, ret; QCowHeader header; - ret = bdrv_file_open(&s->hd, filename, flags); + ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW); if (ret < 0) return ret; if (bdrv_pread(s->hd, 0, &header, sizeof(header)) != sizeof(header)) |