Blame SOURCES/kvm-qcow2-Fix-new-L1-table-size-check-CVE-2014-0143.patch

0a122b
From b71e1cbac708fc3e6659b2356f365dd223e3ac01 Mon Sep 17 00:00:00 2001
0a122b
From: Kevin Wolf <kwolf@redhat.com>
0a122b
Date: Tue, 25 Mar 2014 14:23:39 +0100
0a122b
Subject: [PATCH 32/49] qcow2: Fix new L1 table size check (CVE-2014-0143)
0a122b
0a122b
RH-Author: Kevin Wolf <kwolf@redhat.com>
0a122b
Message-id: <1395753835-7591-33-git-send-email-kwolf@redhat.com>
0a122b
Patchwork-id: n/a
0a122b
O-Subject: [virt-devel] [EMBARGOED RHEL-7.0 qemu-kvm PATCH 32/48] qcow2: Fix new L1 table size check (CVE-2014-0143)
0a122b
Bugzilla: 1079320
0a122b
RH-Acked-by: Jeff Cody <jcody@redhat.com>
0a122b
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
0a122b
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
0a122b
0a122b
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1079320
0a122b
Upstream status: Embargoed
0a122b
0a122b
The size in bytes is assigned to an int later, so check that instead of
0a122b
the number of entries.
0a122b
0a122b
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
0a122b
---
0a122b
 block/qcow2-cluster.c |    2 +-
0a122b
 1 files changed, 1 insertions(+), 1 deletions(-)
0a122b
0a122b
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
0a122b
index 87c13ce..943e3c6 100644
0a122b
--- a/block/qcow2-cluster.c
0a122b
+++ b/block/qcow2-cluster.c
0a122b
@@ -55,7 +55,7 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size,
0a122b
         }
0a122b
     }
0a122b
 
0a122b
-    if (new_l1_size > INT_MAX) {
0a122b
+    if (new_l1_size > INT_MAX / sizeof(uint64_t)) {
0a122b
         return -EFBIG;
0a122b
     }
0a122b
 
0a122b
-- 
0a122b
1.7.1
0a122b