Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 163327 Details for
Bug 235219
=app-emulation/qemu-softmmu-0.9.0 "removable media" Host file disclosure (CVE-2008-1945)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
qemu-0.9.0-mdv,svn-CVE-2008-1945.patch
qemu-0.9.0-mdv,svn-CVE-2008-1945.patch (text/plain), 4.31 KB, created by
Robert Buchholz (RETIRED)
on 2008-08-19 20:26:16 UTC
(
hide
)
Description:
qemu-0.9.0-mdv,svn-CVE-2008-1945.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-08-19 20:26:16 UTC
Size:
4.31 KB
patch
obsolete
>--- qemu-0.9.0/monitor.c >+++ qemu-0.9.0/monitor.c >@@ -362,9 +362,10 @@ static void do_eject(int force, const char *filename) > eject_device(bs, force); > } > >-static void do_change(const char *device, const char *filename) >+static void do_change(const char *device, const char *filename, const char *fmt) > { > BlockDriverState *bs; >+ BlockDriver *drv = NULL; > int i; > char password[256]; > >@@ -373,9 +374,16 @@ static void do_change(const char *device, const char *filename) > term_printf("device not found\n"); > return; > } >+ if (fmt) { >+ drv = bdrv_find_format(fmt); >+ if (!drv) { >+ term_printf("invalid format %s\n", fmt); >+ return; >+ } >+ } > if (eject_device(bs, 0) < 0) > return; >- bdrv_open(bs, filename, 0); >+ bdrv_open2(bs, filename, 0, drv); > if (bdrv_is_encrypted(bs)) { > term_printf("%s is encrypted.\n", device); > for(i = 0; i < 3; i++) { >@@ -1195,8 +1203,8 @@ static term_cmd_t term_cmds[] = { > "", "quit the emulator" }, > { "eject", "-fB", do_eject, > "[-f] device", "eject a removable media (use -f to force it)" }, >- { "change", "BF", do_change, >- "device filename", "change a removable media" }, >+ { "change", "BFs?", do_change, >+ "device filename [format]", "change a removable media, optional format" }, > { "screendump", "F", do_screen_dump, > "filename", "save screen into PPM image 'filename'" }, > { "log", "s", do_log, >--- qemu-0.9.0/hw/usb-msd.c >+++ qemu-0.9.0/hw/usb-msd.c >@@ -510,17 +510,25 @@ static void usb_msd_handle_destroy(USBDevice *dev) > qemu_free(s); > } > >-USBDevice *usb_msd_init(const char *filename) >+USBDevice *usb_msd_init(const char *filename, const char *fmt) > { > MSDState *s; > BlockDriverState *bdrv; >+ BlockDriver *drv = NULL; > >+ if (fmt) { >+ drv = bdrv_find_format(fmt); >+ if (!drv) { >+ fprintf(stderr, "%s: '%s' invalid format\n", __func__, fmt); >+ return NULL; >+ } >+ } > s = qemu_mallocz(sizeof(MSDState)); > if (!s) > return NULL; > > bdrv = bdrv_new("usb"); >- if (bdrv_open(bdrv, filename, 0) < 0) >+ if (bdrv_open2(bdrv, filename, 0, drv) < 0) > goto fail; > s->bs = bdrv; > >--- qemu-0.9.0/hw/usb.h >+++ qemu-0.9.0/hw/usb.h >@@ -217,4 +217,4 @@ USBDevice *usb_mouse_init(void); > USBDevice *usb_tablet_init(void); > > /* usb-msd.c */ >-USBDevice *usb_msd_init(const char *filename); >+USBDevice *usb_msd_init(const char *filename, const char *fmt); >--- qemu-0.9.0/qemu-doc.texi >+++ qemu-0.9.0/qemu-doc.texi >@@ -1306,6 +1306,9 @@ This means qemu is able to report the mouse position without having > to grab the mouse. Also overrides the PS/2 mouse emulation when activated. > @item @code{disk:file} > Mass storage device based on @var{file} (@pxref{disk_images}) >+@item diskformat:file,format=@var{format} >+Mass storage device based on file with specified image @var{format}. >+See -format for more information. > @item @code{host:bus.addr} > Pass through the host device identified by @var{bus.addr} > (Linux only) >--- qemu-0.9.0/vl.c >+++ qemu-0.9.0/vl.c >@@ -3951,6 +3951,27 @@ void qemu_register_usb_port(USBPort *port, void *opaque, int index, > free_usb_ports = port; > } > >+static const char *get_opt_value(char *buf, int buf_size, const char *p) >+{ >+ char *q; >+ >+ q = buf; >+ while (*p != '\0') { >+ if (*p == ',') { >+ if (*(p + 1) != ',') >+ break; >+ p++; >+ } >+ if (q && (q - buf) < buf_size - 1) >+ *q++ = *p; >+ p++; >+ } >+ if (q) >+ *q = '\0'; >+ >+ return p; >+} >+ > static int usb_device_add(const char *devname) > { > const char *p; >@@ -3967,7 +3967,18 @@ static int usb_device_add(const char *devname) > } else if (!strcmp(devname, "tablet")) { > dev = usb_tablet_init(); > } else if (strstart(devname, "disk:", &p)) { >- dev = usb_msd_init(p); >+ dev = usb_msd_init(p, NULL); >+ } else if (strstart(devname, "diskformat:", &p)) { >+ char file[1024]; >+ char buf[128]; >+ char *fmt = NULL; >+ p = get_opt_value(file, sizeof(file), p); >+ if (*p == ',') { >+ p++; >+ if (get_param_value(buf, sizeof(buf), "format", p)) >+ fmt = buf; >+ } >+ dev = usb_msd_init(file, fmt); > } else { > return -1; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=163327">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 235219
:
163325
| 163327
