This is v2 of the patches from Stefan Hajnoczi's pull request for CVE patches.
Changes from v1:
Patch 1: * Use DEFAULT_CLUSTER_SIZE instead of new
VDI_BLOCK_SIZE (thanks Stefan Weil)
* More informative error messages (thanks Stefan Weil)
* Return -ENOTSUP instead of -EINVAL on images
that exceed the maximum allowed size. These may
not be against spec, they are just currently unsupported.
* Fix wrong error message, introduced in commit
5b7aa9b56d1bfc79916262f380c3fc7961becb50 (thanks Stefan Weil)
Patch 2: * Update tests results to take in account new error messages.
Jeff Cody (2):
vdi: add bounds checks for blocks_in_image and disk_size header fields
(CVE-2014-0144)
block: vdi bounds check qemu-io tests
block/vdi.c | 37 ++++++++++++++--
tests/qemu-iotests/084 | 104 +++++++++++++++++++++++++++++++++++++++++++++
tests/qemu-iotests/084.out | 33 ++++++++++++++
tests/qemu-iotests/group | 1 +
4 files changed, 171 insertions(+), 4 deletions(-)
create mode 100755 tests/qemu-iotests/084
create mode 100644 tests/qemu-iotests/084.out
--
1.8.3.1
