aboutsummaryrefslogtreecommitdiff
path: root/tests/qemu-iotests/common
diff options
context:
space:
mode:
authorKevin Wolf <kwolf@redhat.com>2014-03-26 13:06:08 +0100
committerStefan Hajnoczi <stefanha@redhat.com>2014-04-01 15:22:35 +0200
commitafbcc40bee4ef51731102d7d4b499ee12fc182e1 (patch)
tree35f637ffc51bffdf6a01dd6478ccae2a0a2bcb1e /tests/qemu-iotests/common
parent5dae6e30c531feb31eed99f9039b52bf70832ce3 (diff)
downloadqemu-afbcc40bee4ef51731102d7d4b499ee12fc182e1.zip
qemu-afbcc40bee4ef51731102d7d4b499ee12fc182e1.tar.gz
qemu-afbcc40bee4ef51731102d7d4b499ee12fc182e1.tar.bz2
parallels: Fix catalog size integer overflow (CVE-2014-0143)
The first test case would cause a huge memory allocation, leading to a qemu abort; the second one to a too small malloc() for the catalog (smaller than s->catalog_size), which causes a read-only out-of-bounds array access and on big endian hosts an endianess conversion for an undefined memory area. The sample image used here is not an original Parallels image. It was created using an hexeditor on the basis of the struct that qemu uses. Good enough for trying to crash the driver, but not for ensuring compatibility. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'tests/qemu-iotests/common')
-rw-r--r--tests/qemu-iotests/common7
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index a09d9c8..0aaf84d 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -139,6 +139,7 @@ check options
-bochs test bochs
-cow test cow
-cloop test cloop
+ -parallels test parallels
-qcow test qcow
-qcow2 test qcow2
-qed test qed
@@ -192,6 +193,12 @@ testlist options
xpand=false
;;
+ -parallels)
+ IMGFMT=parallels
+ IMGFMT_GENERIC=false
+ xpand=false
+ ;;
+
-qcow)
IMGFMT=qcow
xpand=false