Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 11/47] bochs: Check catalo

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 11/47] bochs: Check catalo

From:	Max Reitz
Subject:	Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 11/47] bochs: Check catalog_size header field (CVE-2014-0143)
Date:	Wed, 26 Mar 2014 21:09:33 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

On 26.03.2014 13:05, Stefan Hajnoczi wrote:

From: Kevin Wolf <address@hidden>

It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.

Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
---
  block/bochs.c              | 13 +++++++++++++
  tests/qemu-iotests/078     | 13 +++++++++++++
  tests/qemu-iotests/078.out | 10 +++++++++-
  3 files changed, 35 insertions(+), 1 deletion(-)


Reviewed-by: Max Reitz <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 05/47] block/cloop: refuse images with huge offsets arrays (CVE-2014-0144), (continued)
- [Qemu-stable] [PATCH for-2.0 06/47] block/cloop: refuse images with bogus offsets (CVE-2014-0144), Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 06/47] block/cloop: refuse images with bogus offsets (CVE-2014-0144), Max Reitz, 2014/03/26
- [Qemu-stable] [PATCH for-2.0 07/47] block/cloop: fix offsets[] size off-by-one, Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 07/47] block/cloop: fix offsets[] size off-by-one, Max Reitz, 2014/03/26
- [Qemu-stable] [PATCH for-2.0 09/47] bochs: Unify header structs and make them QEMU_PACKED, Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 09/47] bochs: Unify header structs and make them QEMU_PACKED, Max Reitz, 2014/03/26
- [Qemu-stable] [PATCH for-2.0 10/47] bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147), Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 10/47] bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147), Max Reitz, 2014/03/26
- [Qemu-stable] [PATCH for-2.0 11/47] bochs: Check catalog_size header field (CVE-2014-0143), Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 11/47] bochs: Check catalog_size header field (CVE-2014-0143), Max Reitz <=
- [Qemu-stable] [PATCH for-2.0 12/47] bochs: Check extent_size header field (CVE-2014-0142), Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 12/47] bochs: Check extent_size header field (CVE-2014-0142), Max Reitz, 2014/03/26
- [Qemu-stable] [PATCH for-2.0 15/47] vpc: Validate block size (CVE-2014-0142), Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 15/47] vpc: Validate block size (CVE-2014-0142), Max Reitz, 2014/03/26
- [Qemu-stable] [PATCH for-2.0 13/47] bochs: Fix bitmap offset calculation, Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 13/47] bochs: Fix bitmap offset calculation, Max Reitz, 2014/03/26
- [Qemu-stable] [PATCH for-2.0 14/47] vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144), Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 14/47] vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144), Max Reitz, 2014/03/26
- [Qemu-stable] [PATCH for-2.0 19/47] qcow2: Check header_length (CVE-2014-0144), Stefan Hajnoczi, 2014/03/26
  - Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 19/47] qcow2: Check header_length (CVE-2014-0144), Max Reitz, 2014/03/26

Prev by Date: Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 10/47] bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
Next by Date: Re: [Qemu-stable] [Qemu-devel] [PATCH for-2.0 12/47] bochs: Check extent_size header field (CVE-2014-0142)
Previous by thread: [Qemu-stable] [PATCH for-2.0 11/47] bochs: Check catalog_size header field (CVE-2014-0143)
Next by thread: [Qemu-stable] [PATCH for-2.0 12/47] bochs: Check extent_size header field (CVE-2014-0142)
Index(es):
- Date
- Thread