diff options
| author | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-03-11 17:17:59 +0000 |
|---|---|---|
| committer | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-03-11 17:17:59 +0000 |
| commit | 902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe (patch) | |
| tree | 88c3355a4eaf8533669c87a6dab7c8a4afcd8557 /block-qcow.c | |
| parent | b94ed5772eb31e8fad4b823351e8152839bf722a (diff) | |
Fix CVE-2008-0928 - insufficient block device address range checking
Qemu 0.9.1 and earlier does not perform range checks for block device
read or write requests, which allows guest host users with root
privileges to access arbitrary memory and escape the virtual machine.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4037 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'block-qcow.c')
| -rw-r--r-- | block-qcow.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/block-qcow.c b/block-qcow.c index 730ae67ed..7de8a3f50 100644 --- a/block-qcow.c +++ b/block-qcow.c @@ -95,7 +95,7 @@ static int qcow_open(BlockDriverState *bs, const char *filename, int flags) int len, i, shift, ret; QCowHeader header; - ret = bdrv_file_open(&s->hd, filename, flags); + ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW); if (ret < 0) return ret; if (bdrv_pread(s->hd, 0, &header, sizeof(header)) != sizeof(header)) |