From 334c0241c006533d1f4ed7e07239ec00b46c6efd Mon Sep 17 00:00:00 2001 From: aurel32 Date: Thu, 21 Aug 2008 22:24:32 +0000 Subject: Add image format option for USB mass-storage devices (fix CVE-2008-1945) Signed-off-by: Aurelien Jarno git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5059 c046a42c-6fe2-441c-8c8c-71466251a162 --- hw/usb-msd.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'hw/usb-msd.c') diff --git a/hw/usb-msd.c b/hw/usb-msd.c index 01d492d42d..f7ad25e62e 100644 --- a/hw/usb-msd.c +++ b/hw/usb-msd.c @@ -517,13 +517,42 @@ USBDevice *usb_msd_init(const char *filename) { MSDState *s; BlockDriverState *bdrv; + BlockDriver *drv = NULL; + const char *p1; + char fmt[32]; + + p1 = strchr(filename, ':'); + if (p1++) { + const char *p2; + + if (strstart(filename, "format=", &p2)) { + int len = MIN(p1 - p2, sizeof(fmt)); + pstrcpy(fmt, len, p2); + + drv = bdrv_find_format(fmt); + if (!drv) { + printf("invalid format %s\n", fmt); + return NULL; + } + } else if (*filename != ':') { + printf("unrecognized USB mass-storage option %s\n", filename); + return NULL; + } + + filename = p1; + } + + if (!*filename) { + printf("block device specification needed\n"); + return NULL; + } s = qemu_mallocz(sizeof(MSDState)); if (!s) return NULL; bdrv = bdrv_new("usb"); - if (bdrv_open(bdrv, filename, 0) < 0) + if (bdrv_open2(bdrv, filename, 0, drv) < 0) goto fail; if (qemu_key_check(bdrv, filename)) goto fail; -- cgit v1.2.3