From 0a5d705e471c975ca6ca4547cd3a0eb5fa5d3291 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Mon, 27 Nov 2017 17:28:39 +0100
Subject: [PATCH 7/9] qcow2: Prevent backing file names longer than 1023

RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20171127172839.22264-2-mreitz@redhat.com>
Patchwork-id: 77916
O-Subject: [RHEL-7.5 qemu-kvm PATCH 1/1] qcow2: Prevent backing file names longer than 1023
Bugzilla: 1459714
RH-Acked-by: John Snow <jsnow@redhat.com>
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

We reject backing file names with a length of more than 1023 characters
when opening a qcow2 file, so we should not produce such files
ourselves.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 4e876bcf2bdb3a7353df92d19bfec0afd1650bc4)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 block/qcow2.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/block/qcow2.c b/block/qcow2.c
index 61f7e57..dc831ba 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1497,6 +1497,10 @@ static int qcow2_change_backing_file(BlockDriverState *bs,
 {
     BDRVQcowState *s = bs->opaque;
 
+    if (backing_file && strlen(backing_file) > 1023) {
+        return -EINVAL;
+    }
+
     pstrcpy(bs->backing_file, sizeof(bs->backing_file), backing_file ?: "");
     pstrcpy(bs->backing_format, sizeof(bs->backing_format), backing_fmt ?: "");
 
-- 
1.8.3.1