authorJuergen Lock <nox@FreeBSD.org>2008-12-04 22:36:46 +0000
committerJuergen Lock <nox@FreeBSD.org>2008-12-04 22:36:46 +0000
commitd6764fe00eb1f91301565e85729ecc2102271cf5 (patch)
tree61ced6ec768a227428ab0088aed54eef0d66f98a /emulators
parent3616dfb77fdb0c9c7c4eb51a696580daeb729268 (diff)
Attempt to fix savevm that was broken by the original patch-CVE-2008-0928
by allowing writes outside the disk image boundaries if the guest isn't running. PR: ports/129417 Submitted by: Nate Eldredge <neldredge@math.ucsd.edu> Obtained from: debian (sid kvm_72+dfsg-3.diff.gz, adapted)
Notes
Notes: svn path=/head/; revision=223790
Diffstat (limited to 'emulators')
-rw-r--r--emulators/qemu-devel/Makefile2
-rw-r--r--emulators/qemu-devel/files/patch-CVE-2008-092834
-rw-r--r--emulators/qemu/Makefile2
-rw-r--r--emulators/qemu/files/patch-CVE-2008-092834
4 files changed, 54 insertions, 18 deletions
diff --git a/emulators/qemu-devel/Makefile b/emulators/qemu-devel/Makefile
index 76670169dcff..1b5d277e3fed 100644
--- a/emulators/qemu-devel/Makefile
+++ b/emulators/qemu-devel/Makefile
@@ -7,7 +7,7 @@
PORTNAME= qemu
PORTVERSION= 0.9.1s.20080620
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= emulators
MASTER_SITES= http://bellard.org/qemu/:release \
http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \
diff --git a/emulators/qemu-devel/files/patch-CVE-2008-0928 b/emulators/qemu-devel/files/patch-CVE-2008-0928
index e0d4a7d9b783..a6b07289c5c5 100644
--- a/emulators/qemu-devel/files/patch-CVE-2008-0928
+++ b/emulators/qemu-devel/files/patch-CVE-2008-0928
@@ -50,20 +50,26 @@ diff -u -p -u -p -r1.19 -r1.20
return ret;
if (bdrv_pread(s->hd, 0, &magic, sizeof(magic)) != sizeof(magic))
Index: qemu/block.c
-===================================================================
-RCS file: /sources/qemu/qemu/block.c,v
-retrieving revision 1.54
-retrieving revision 1.55
-diff -u -p -u -p -r1.54 -r1.55
---- block.c 10 Mar 2008 00:05:34 -0000 1.54
-+++ block.c 11 Mar 2008 17:17:58 -0000 1.55
-@@ -123,6 +123,60 @@ void path_combine(char *dest, int dest_s
+@@ -24,6 +24,9 @@
+ #include "qemu-common.h"
+ #ifndef QEMU_IMG
+ #include "console.h"
++extern int vm_running;
++#else
++int vm_running = 0;
+ #endif
+ #include "block_int.h"
+
+@@ -124,6 +128,75 @@
}
}
+static int bdrv_rd_badreq_sectors(BlockDriverState *bs,
+ int64_t sector_num, int nb_sectors)
+{
++ if (!vm_running)
++ return 0;
++
+ return
+ nb_sectors < 0 ||
+ sector_num < 0 ||
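Review bot: In bdrv_rd_badreq_sectors the new `if (!vm_running) return 0;` comes before the `nb_sectors < 0 || sector_num < 0` tests, so while the guest is stopped the helper accepts negative sector numbers and counts as well as requests past the end of the image. The commit message only asks for the image-boundary limit to be lifted so that savevm works. The same early return precedes the sign checks in the three following hunks of this file (the two offset/count helpers and bdrv_wr_badreq_sectors) and in the identical patch under emulators/qemu. Keeping the sign checks unconditional would preserve that part of the CVE-2008-0928 fix: `if (nb_sectors < 0 || sector_num < 0) return 1;` followed by `if (!vm_running) return 0;`. The function body continues past the end of this hunk.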
@@ -75,6 +81,10 @@ diff -u -p -u -p -r1.54 -r1.55
+ int64_t offset, int count)
+{
+ int64_t size = bs->total_sectors << SECTOR_BITS;
++
++ if (!vm_running)
++ return 0;
++
+ return
+ count < 0 ||
+ size < 0 ||
@@ -85,6 +95,10 @@ diff -u -p -u -p -r1.54 -r1.55
+static int bdrv_wr_badreq_sectors(BlockDriverState *bs,
+ int64_t sector_num, int nb_sectors)
+{
++
++ if (!vm_running)
++ return 0;
++
+ if (sector_num < 0 ||
+ nb_sectors < 0)
+ return 1;
@@ -102,6 +116,10 @@ diff -u -p -u -p -r1.54 -r1.55
+ int64_t offset, int count)
+{
+ int64_t size = bs->total_sectors << SECTOR_BITS;
++
++ if (!vm_running)
++ return 0;
++
+ if (count < 0 ||
+ offset < 0)
+ return 1;
diff --git a/emulators/qemu/Makefile b/emulators/qemu/Makefile
index a3216aacc018..2737c77ae355 100644
--- a/emulators/qemu/Makefile
+++ b/emulators/qemu/Makefile
@@ -7,7 +7,7 @@
PORTNAME= qemu
PORTVERSION= 0.9.1
-PORTREVISION= 10
+PORTREVISION= 11
CATEGORIES= emulators
MASTER_SITES= http://bellard.org/qemu/:release \
http://qemu.org/:release \
diff --git a/emulators/qemu/files/patch-CVE-2008-0928 b/emulators/qemu/files/patch-CVE-2008-0928
index e0d4a7d9b783..a6b07289c5c5 100644
--- a/emulators/qemu/files/patch-CVE-2008-0928
+++ b/emulators/qemu/files/patch-CVE-2008-0928
@@ -50,20 +50,26 @@ diff -u -p -u -p -r1.19 -r1.20
return ret;
if (bdrv_pread(s->hd, 0, &magic, sizeof(magic)) != sizeof(magic))
Index: qemu/block.c
-===================================================================
-RCS file: /sources/qemu/qemu/block.c,v
-retrieving revision 1.54
-retrieving revision 1.55
-diff -u -p -u -p -r1.54 -r1.55
---- block.c 10 Mar 2008 00:05:34 -0000 1.54
-+++ block.c 11 Mar 2008 17:17:58 -0000 1.55
-@@ -123,6 +123,60 @@ void path_combine(char *dest, int dest_s
+@@ -24,6 +24,9 @@
+ #include "qemu-common.h"
+ #ifndef QEMU_IMG
+ #include "console.h"
++extern int vm_running;
++#else
++int vm_running = 0;
+ #endif
+ #include "block_int.h"
+
+@@ -124,6 +128,75 @@
}
}
+static int bdrv_rd_badreq_sectors(BlockDriverState *bs,
+ int64_t sector_num, int nb_sectors)
+{
++ if (!vm_running)
++ return 0;
++
+ return
+ nb_sectors < 0 ||
+ sector_num < 0 ||
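Review bot: The `#else` branch defines `int vm_running = 0;` for QEMU_IMG builds, so every badreq helper patched in this file returns 0 in qemu-img and the boundary checks are never applied there. If that is intended because qemu-img has no guest, a comment on the definition would make it explicit, e.g. `/* no guest in qemu-img: request bounds checks are disabled */`. If it is not intended, it is worth confirming that qemu-img's handling of image files does not rely on these checks. Declaring `extern int vm_running;` inside block.c rather than taking it from a shared header also leaves the declaration unchecked against the definition. The same lines appear in the emulators/qemu-devel copy of this patch.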
@@ -75,6 +81,10 @@ diff -u -p -u -p -r1.54 -r1.55
+ int64_t offset, int count)
+{
+ int64_t size = bs->total_sectors << SECTOR_BITS;
++
++ if (!vm_running)
++ return 0;
++
+ return
+ count < 0 ||
+ size < 0 ||
@@ -85,6 +95,10 @@ diff -u -p -u -p -r1.54 -r1.55
+static int bdrv_wr_badreq_sectors(BlockDriverState *bs,
+ int64_t sector_num, int nb_sectors)
+{
++
++ if (!vm_running)
++ return 0;
++
+ if (sector_num < 0 ||
+ nb_sectors < 0)
+ return 1;
@@ -102,6 +116,10 @@ diff -u -p -u -p -r1.54 -r1.55
+ int64_t offset, int count)
+{
+ int64_t size = bs->total_sectors << SECTOR_BITS;
++
++ if (!vm_running)
++ return 0;
++
+ if (count < 0 ||
+ offset < 0)
+ return 1;