diff options
author | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-08-21 22:24:32 +0000 |
---|---|---|
committer | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-08-21 22:24:32 +0000 |
commit | 334c0241c006533d1f4ed7e07239ec00b46c6efd (patch) | |
tree | 4193191edc5dfdc8dc6e9a4971ae079a77bd9cb1 | |
parent | 7ed9eba3848b99cc6adba520fe5dcdfbe32d657e (diff) |
Add image format option for USB mass-storage devices
(fix CVE-2008-1945)
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5059 c046a42c-6fe2-441c-8c8c-71466251a162
-rw-r--r-- | hw/usb-msd.c | 31 | ||||
-rw-r--r-- | qemu-doc.texi | 6 |
2 files changed, 34 insertions, 3 deletions
diff --git a/hw/usb-msd.c b/hw/usb-msd.c index 01d492d42d..f7ad25e62e 100644 --- a/hw/usb-msd.c +++ b/hw/usb-msd.c @@ -517,13 +517,42 @@ USBDevice *usb_msd_init(const char *filename) { MSDState *s; BlockDriverState *bdrv; + BlockDriver *drv = NULL; + const char *p1; + char fmt[32]; + + p1 = strchr(filename, ':'); + if (p1++) { + const char *p2; + + if (strstart(filename, "format=", &p2)) { + int len = MIN(p1 - p2, sizeof(fmt)); + pstrcpy(fmt, len, p2); + + drv = bdrv_find_format(fmt); + if (!drv) { + printf("invalid format %s\n", fmt); + return NULL; + } + } else if (*filename != ':') { + printf("unrecognized USB mass-storage option %s\n", filename); + return NULL; + } + + filename = p1; + } + + if (!*filename) { + printf("block device specification needed\n"); + return NULL; + } s = qemu_mallocz(sizeof(MSDState)); if (!s) return NULL; bdrv = bdrv_new("usb"); - if (bdrv_open(bdrv, filename, 0) < 0) + if (bdrv_open2(bdrv, filename, 0, drv) < 0) goto fail; if (qemu_key_check(bdrv, filename)) goto fail; diff --git a/qemu-doc.texi b/qemu-doc.texi index 636d819281..9519d9a072 100644 --- a/qemu-doc.texi +++ b/qemu-doc.texi @@ -550,8 +550,10 @@ Pointer device that uses absolute coordinates (like a touchscreen). This means qemu is able to report the mouse position without having to grab the mouse. Also overrides the PS/2 mouse emulation when activated. -@item disk:file -Mass storage device based on file +@item disk:[format=@var{format}]:file +Mass storage device based on file. The optional @var{format} argument +will be used rather than detecting the format. Can be used to specifiy +format=raw to avoid interpreting an untrusted format header. @item host:bus.addr Pass through the host device identified by bus.addr (Linux only). |