Re: [Qemu-block] [PATCH] qcow2 spec: Describe string header extensions

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH] qcow2 spec: Describe string header extensions

From:	Kevin Wolf
Subject:	Re: [Qemu-block] [PATCH] qcow2 spec: Describe string header extensions
Date:	Fri, 8 Mar 2019 11:27:21 +0100
User-agent:	Mutt/1.11.3 (2019-02-01)

Am 07.03.2019 um 18:40 hat Eric Blake geschrieben:
> On 3/7/19 10:53 AM, Kevin Wolf wrote:
> > Be more specific about the string representation in header extensions.
> > 
> > Suggested-by: Stefan Hajnoczi <address@hidden>
> > Signed-off-by: Kevin Wolf <address@hidden>
> > ---
> >  docs/interop/qcow2.txt | 14 ++++++++++++--
> >  1 file changed, 12 insertions(+), 2 deletions(-)
> > 
> 
> Based-on: <address@hidden>
> 
> >  
> >  
> > +== String header extensions ==
> > +
> > +Some header extensions (such as the backing file format name and the 
> > external
> > +data file name) are just a single string. In this case, the header 
> > extension
> > +length is the string length and the string is not '\0' terminated. (The 
> > header
> > +extension padding can make it look like a string is '\0' terminated, but
> > +neither is padding always necessary nor is there a guarantee that zero 
> > bytes
> > +are used for padding.)
> 
> We didn't require 0 padding?  (goes and re-reads) - oops, yes that's
> correct.

Yes. QEMU does use zeroes, but the spec doesn't mandate it and changing
it would be an incompatible change. And the worst that could happen is
that someone leaves a hidden message in the padding, which doesn't
really hurt.

> It makes it harder to extend a struct by making use of that
> padding if you can't guarantee what the padding had to be prior to the
> extension, and means that you have to consider whether there are any
> potential security risks of the padding being used as a side channel to
> leak information while still being a well-formed file.

It doesn't actually make it harder because we have the length field
which tells us the exact length of the valid data, so we shouldn't even
try to use any of the padding.

> But changing the standard to require zero padding is different than
> documenting existing practice, so your patch is correct.
> 
> Reviewed-by: Eric Blake <address@hidden>

Thanks!

Kevin

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-block] [PATCH] qcow2 spec: Describe string header extensions, Kevin Wolf, 2019/03/07
- Re: [Qemu-block] [PATCH] qcow2 spec: Describe string header extensions, Eric Blake, 2019/03/07
  - Re: [Qemu-block] [PATCH] qcow2 spec: Describe string header extensions, Kevin Wolf <=
- Re: [Qemu-block] [PATCH] qcow2 spec: Describe string header extensions, Stefan Hajnoczi, 2019/03/07

Prev by Date: Re: [Qemu-block] [Qemu-devel] [PATCH v4 2/4] tests/bios-tables: Improve portability by searching bash in the $PATH
Next by Date: Re: [Qemu-block] [PATCH v4 07/15] ppc405_boards: Delete stale, disabled DEBUG_BOARD_INIT code
Previous by thread: Re: [Qemu-block] [PATCH] qcow2 spec: Describe string header extensions
Next by thread: Re: [Qemu-block] [PATCH] qcow2 spec: Describe string header extensions
Index(es):
- Date
- Thread