Gentoo's Bugzilla – Attachment 153053 Details for Bug 221943: app-emulation/qemu-softmmu < 0.9.1-r3 "drive_init()" security bypass (CVE-2008-2004)
[patch] patch for qemu-softmmu-0.9.1 bug CVE-2008-2004 #221943
qemu-softmmu-0.9.1-CVE-2008-2004.patch (text/plain), 1.96 KB, created by Celso Fernandes (icezimm) on 2008-05-13 14:05:13 UTC
>--- vl.c 2008-01-06 14:38:42.000000000 -0500 >+++ vl.c 2008-05-13 09:56:45.000000000 -0400 >@@ -4877,13 +4877,14 @@ > int bus_id, unit_id; > int cyls, heads, secs, translation; > BlockDriverState *bdrv; >+ BlockDriver *drv = NULL; > int max_devs; > int index; > int cache; > int bdrv_flags; > char *params[] = { "bus", "unit", "if", "index", "cyls", "heads", > "secs", "trans", "media", "snapshot", "file", >- "cache", NULL }; >+ "cache", "format", NULL }; > > if (check_params(buf, sizeof(buf), params, str) < 0) { > fprintf(stderr, "qemu: unknowm parameter '%s' in '%s'\n", >@@ -5051,6 +5052,14 @@ > } > } > >+ if (get_param_value(buf, sizeof(buf), "format", str)) { >+ drv = bdrv_find_format(buf); >+ if (!drv) { >+ fprintf(stderr, "qemu: '%s' invalid format\n", buf); >+ return -1; >+ } >+ } >+ > get_param_value(file, sizeof(file), "file", str); > > /* compute bus and unit according index */ >@@ -5150,7 +5159,7 @@ > bdrv_flags |= BDRV_O_SNAPSHOT; > if (!cache) > bdrv_flags |= BDRV_O_DIRECT; >- if (bdrv_open(bdrv, file, bdrv_flags) < 0 || qemu_key_check(bdrv, file)) { >+ if (bdrv_open2(bdrv, file, bdrv_flags, drv) < 0 || qemu_key_check(bdrv, file)) { > fprintf(stderr, "qemu: could not open disk image %s\n", > file); > return -1; >--- qemu-doc.texi 2008-01-06 14:38:42.000000000 -0500 >+++ qemu-doc.texi 2008-05-13 09:57:57.000000000 -0400 >@@ -252,6 +252,10 @@ > @var{snapshot} is "on" or "off" and allows to enable snapshot for given drive (see @option{-snapshot}). > @item cache=@var{cache} > @var{cache} is "on" or "off" and allows to disable host cache to access data. >+@item format=@var{format} >+Specify which disk @var{format} will be used rather than detecting >+the format. Can be used to specifiy format=raw to avoid interpreting >+an untrusted format header. > @end table > > Instead of @option{-cdrom} you can use:
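Review bot: In the vl.c hunk at @@ -5051,6 +5052,14 @@, drv is only assigned inside the if (get_param_value(buf, sizeof(buf), "format", str)) branch, so any -drive string without format= still reaches bdrv_open2() with drv == NULL and keeps the format detection that the documentation hunk describes as the default. The protection is therefore opt-in per drive. Consider printing a warning when format is omitted, or at least stating in the commit description that existing command lines are unchanged and must add format=raw to be protected against an untrusted format header.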
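Review bot: In the vl.c hunk at @@ -5150,7 +5159,7 @@, the failure message after bdrv_open2(bdrv, file, bdrv_flags, drv) is still "qemu: could not open disk image %s" and does not say which format was requested. Once the user can force a driver, an open failure caused by a wrong format= value looks the same as a missing file. Suggest including the forced format name in the message when drv is non-NULL.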
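Review bot: In the qemu-doc.texi hunk at @@ -252,6 +252,10 @@, "specifiy" in "Can be used to specifiy format=raw" is a typo for "specify". The new @item also does not say what happens when format is left out or which format names are accepted, although vl.c now rejects unknown names with "qemu: '%s' invalid format". Suggest adding one sentence that the format is detected from the image when the option is absent, and that an unrecognized name is an error.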