Fix CVE-2008-0928 - insufficient block device address range checking

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4037 c046a42c-6fe2-441c-8c8c-71466251a162
author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> 2008-03-11 17:17:59 +0000
committer: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> 2008-03-11 17:17:59 +0000
commit: 902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe (patch)
tree: 88c3355a4eaf8533669c87a6dab7c8a4afcd8557 /block-vmdk.c
parent: b94ed5772eb31e8fad4b823351e8152839bf722a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/block-vmdk.c b/block-vmdk.c
index 9b5fb7346a..79de09b67e 100644
--- a/block-vmdk.c
+++ b/block-vmdk.c
@@ -378,7 +378,7 @@ static int vmdk_open(BlockDriverState *bs, const char *filename, int flags)
         flags = BDRV_O_RDONLY;
     fprintf(stderr, "(VMDK) image open: flags=0x%x filename=%s\n", flags, bs->filename);
 
-    ret = bdrv_file_open(&s->hd, filename, flags);
+    ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW);
     if (ret < 0)
         return ret;
     if (bdrv_pread(s->hd, 0, &magic, sizeof(magic)) != sizeof(magic))
author	aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>	2008-03-11 17:17:59 +0000
committer	aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>	2008-03-11 17:17:59 +0000
commit	902b27d0b8d5bfa840eaf389d7cbcc28b57e3fbe (patch)
tree	88c3355a4eaf8533669c87a6dab7c8a4afcd8557 /block-vmdk.c
parent	b94ed5772eb31e8fad4b823351e8152839bf722a (diff)