qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PULL for-5.0 4/4] qga: Restrict guest-file-read count to 48 MB to a

From: Philippe Mathieu-Daudé
Subject: Re: [PULL for-5.0 4/4] qga: Restrict guest-file-read count to 48 MB to avoid crashes
Date: Wed, 15 Apr 2020 17:25:12 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 
On 4/15/20 5:22 PM, Michael Roth wrote:

From: Philippe Mathieu-Daudé <address@hidden>

On [*] Daniel Berrangé commented:

   The QEMU guest agent protocol is not sensible way to access huge
   files inside the guest. It requires the inefficient process of
   reading the entire data into memory than duplicating it again in
   base64 format, and then copying it again in the JSON serializer /
   monitor code.

   For arbitrary general purpose file access, especially for large
   files, use a real file transfer program or use a network block
   device, not the QEMU guest agent.

To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his
suggestion to put a low, hard limit on "count" in the guest agent
QAPI schema, and don't allow count to be larger than 48 MB.

[*] https://www.mail-archive.com/address@hidden/msg693176.html

Fixes: CVE-2018-12617
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054
Reported-by: Fakhri Zulkifli <address@hidden>
Suggested-by: Daniel P. Berrangé <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
*update schema documentation to indicate 48MB limit instead of 10MB


Thanks!


Signed-off-by: Michael Roth <address@hidden>
---
  qga/commands.c       | 9 ++++++++-
  qga/qapi-schema.json | 6 ++++--
  2 files changed, 12 insertions(+), 3 deletions(-)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]