5d360b
From 0a5d705e471c975ca6ca4547cd3a0eb5fa5d3291 Mon Sep 17 00:00:00 2001
5d360b
From: Max Reitz <mreitz@redhat.com>
5d360b
Date: Mon, 27 Nov 2017 17:28:39 +0100
5d360b
Subject: [PATCH 7/9] qcow2: Prevent backing file names longer than 1023
5d360b
5d360b
RH-Author: Max Reitz <mreitz@redhat.com>
5d360b
Message-id: <20171127172839.22264-2-mreitz@redhat.com>
5d360b
Patchwork-id: 77916
5d360b
O-Subject: [RHEL-7.5 qemu-kvm PATCH 1/1] qcow2: Prevent backing file names longer than 1023
5d360b
Bugzilla: 1459714
5d360b
RH-Acked-by: John Snow <jsnow@redhat.com>
5d360b
RH-Acked-by: Fam Zheng <famz@redhat.com>
5d360b
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
5d360b
5d360b
We reject backing file names with a length of more than 1023 characters
5d360b
when opening a qcow2 file, so we should not produce such files
5d360b
ourselves.
5d360b
5d360b
Cc: qemu-stable@nongnu.org
5d360b
Signed-off-by: Max Reitz <mreitz@redhat.com>
5d360b
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
5d360b
(cherry picked from commit 4e876bcf2bdb3a7353df92d19bfec0afd1650bc4)
5d360b
Signed-off-by: Max Reitz <mreitz@redhat.com>
5d360b
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
5d360b
---
5d360b
 block/qcow2.c | 4 ++++
5d360b
 1 file changed, 4 insertions(+)
5d360b
5d360b
diff --git a/block/qcow2.c b/block/qcow2.c
5d360b
index 61f7e57..dc831ba 100644
5d360b
--- a/block/qcow2.c
5d360b
+++ b/block/qcow2.c
5d360b
@@ -1497,6 +1497,10 @@ static int qcow2_change_backing_file(BlockDriverState *bs,
5d360b
 {
5d360b
     BDRVQcowState *s = bs->opaque;
5d360b
 
5d360b
+    if (backing_file && strlen(backing_file) > 1023) {
5d360b
+        return -EINVAL;
5d360b
+    }
5d360b
+
5d360b
     pstrcpy(bs->backing_file, sizeof(bs->backing_file), backing_file ?: "");
5d360b
     pstrcpy(bs->backing_format, sizeof(bs->backing_format), backing_fmt ?: "");
5d360b
 
5d360b
-- 
5d360b
1.8.3.1
5d360b