qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] qcow2 spec: Describe string header extensions


From: Kevin Wolf
Subject: Re: [Qemu-devel] [PATCH] qcow2 spec: Describe string header extensions
Date: Fri, 8 Mar 2019 11:27:21 +0100
User-agent: Mutt/1.11.3 (2019-02-01)

Am 07.03.2019 um 18:40 hat Eric Blake geschrieben:
> On 3/7/19 10:53 AM, Kevin Wolf wrote:
> > Be more specific about the string representation in header extensions.
> > 
> > Suggested-by: Stefan Hajnoczi <address@hidden>
> > Signed-off-by: Kevin Wolf <address@hidden>
> > ---
> >  docs/interop/qcow2.txt | 14 ++++++++++++--
> >  1 file changed, 12 insertions(+), 2 deletions(-)
> > 
> 
> Based-on: <address@hidden>
> 
> >  
> >  
> > +== String header extensions ==
> > +
> > +Some header extensions (such as the backing file format name and the 
> > external
> > +data file name) are just a single string. In this case, the header 
> > extension
> > +length is the string length and the string is not '\0' terminated. (The 
> > header
> > +extension padding can make it look like a string is '\0' terminated, but
> > +neither is padding always necessary nor is there a guarantee that zero 
> > bytes
> > +are used for padding.)
> 
> We didn't require 0 padding?  (goes and re-reads) - oops, yes that's
> correct.

Yes. QEMU does use zeroes, but the spec doesn't mandate it and changing
it would be an incompatible change. And the worst that could happen is
that someone leaves a hidden message in the padding, which doesn't
really hurt.

> It makes it harder to extend a struct by making use of that
> padding if you can't guarantee what the padding had to be prior to the
> extension, and means that you have to consider whether there are any
> potential security risks of the padding being used as a side channel to
> leak information while still being a well-formed file.

It doesn't actually make it harder because we have the length field
which tells us the exact length of the valid data, so we shouldn't even
try to use any of the padding.

> But changing the standard to require zero padding is different than
> documenting existing practice, so your patch is correct.
> 
> Reviewed-by: Eric Blake <address@hidden>

Thanks!

Kevin

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]