aboutsummaryrefslogtreecommitdiff
path: root/bt-vhci.c
diff options
context:
space:
mode:
authorJeff Cody <jcody@redhat.com>2014-03-26 13:05:39 +0100
committerStefan Hajnoczi <stefanha@redhat.com>2014-04-01 14:19:09 +0200
commit1d7678dec4761acdc43439da6ceda41a703ba1a6 (patch)
tree26ef17ad9f54a0295668480eaf16fcbf7365f38b /bt-vhci.c
parent63fa06dc978f3669dbfd9443b33cde9e2a7f4b41 (diff)
downloadqemu-1d7678dec4761acdc43439da6ceda41a703ba1a6.zip
qemu-1d7678dec4761acdc43439da6ceda41a703ba1a6.tar.gz
qemu-1d7678dec4761acdc43439da6ceda41a703ba1a6.tar.bz2
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
Other variables (e.g. sectors_per_block) are calculated using these variables, and if not range-checked illegal values could be obtained causing infinite loops and other potential issues when calculating BAT entries. The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB. LogicalSectorSize is required to be either 512 or 4096 bytes. Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'bt-vhci.c')
0 files changed, 0 insertions, 0 deletions