QEMU-Nyx-fork

Go to file

Daniel P. Berrange 2cdb5e142f CVE-2015-1779: limit size of HTTP headers from websockets clients

The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.

A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

2015-04-01 17:12:55 +02:00

audio

audio: Don't free hw resources until after hw backend is stopped

2014-12-22 23:12:25 +00:00

backends

hostmem: Prevent removing an in-use memory backend

2015-04-01 10:06:38 +02:00

block

Block patches for 2.3.0-rc1

2015-03-19 17:47:08 +00:00

bsd-user

cpu: Make cpu_init() return QOM CPUState object

2015-03-10 17:33:51 +01:00

default-configs

hw/usb: Include USB files only if necessary

2015-03-18 11:50:47 +01:00

disas

cris: remove unused cris_cond15 declarations

2015-03-19 11:11:55 +03:00

docs

docs: add memory-hotplug.txt

2015-03-04 13:00:36 -05:00

dtc @ bc895d6d09

dtc: add submodule

2013-04-18 13:50:53 +02:00

fpu

softfloat: expand out STATUS macro

2015-02-06 16:11:38 +00:00

fsdev

Fix typos in comments

2015-03-19 11:30:37 +03:00

gdb-xml

s390x/gdb: add the feature xml files for s390x

2014-09-01 09:45:19 +02:00

pc: acpi: fix pvpanic regression

2015-04-01 10:06:38 +02:00

include

rcu: do not create thread in pthread_atfork callback

2015-04-01 10:06:38 +02:00

libcacard

libcacard: stop linking against every single 3rd party library

2015-02-10 09:27:20 +03:00

libdecnumber

libdecnumber: Fix warnings from smatch (missing static, boolean operations)

2014-08-24 13:21:06 +04:00

linux-headers

synchronize Linux headers to 4.0-rc3

2015-03-10 09:26:22 +01:00

linux-user

rcu: do not create thread in pthread_atfork callback

2015-04-01 10:06:38 +02:00

migration

rdma: Fix cleanup in error paths

2015-03-26 15:31:46 +01:00

net

net: synchronize net_host_device_remove with host_net_remove_completion

2015-03-12 19:59:39 +00:00

pc-bios

pseries: Update SLOF firmware image to qemu-slof-20150313

2015-03-25 22:49:45 +01:00

pixman @ 87eea99e44

pixman: update internal copy to pixman-0.32.6

2014-09-15 08:14:19 +02:00

po: fix conflict with %.mo rule in rules.mak

2014-09-26 13:35:08 +02:00

qapi

block: Document blockdev-add's immaturity

2015-03-27 10:01:12 +00:00

qga

qga/commands-posix: Fix resource leak

2015-03-19 11:39:18 +03:00

qobject

qjson: Drop trailing space for pretty formatting

2014-12-10 10:25:30 +01:00

qom

qom: Add can_be_deleted callback to UserCreatableClass

2015-04-01 10:06:38 +02:00

roms

pseries: Update SLOF firmware image to qemu-slof-20150313

2015-03-25 22:49:45 +01:00

scripts

build: pass .d file name to scripts/make_device_config.sh, fix makefile target

2015-03-18 12:07:25 +01:00

slirp

slirp: udp: fix NULL pointer dereference because of uninitialized socket

2014-09-23 19:15:05 +01:00

stubs

pci, pc, virtio fixes and cleanups

2015-03-09 09:14:28 +00:00

sysconfigs/target

Eliminate cpus-x86_64.conf file

2012-09-21 15:12:58 +02:00

target-alpha

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-arm

target-arm: Ignore low bit of PC in M-profile exception return

2015-03-16 12:30:47 +00:00

target-cris

cris: remove unused cris_cond15 declarations

2015-03-19 11:11:55 +03:00

target-i386

target-i386: Haswell-noTSX and Broadwell-noTSX

2015-03-19 16:35:14 -03:00

target-lm32

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-m68k

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-microblaze

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-mips

trivial patches for 2015-03-19

2015-03-19 14:10:20 +00:00

target-moxie

target-moxie: Fix warnings from Sparse (one-bit signed bitfield)

2015-03-19 11:11:55 +03:00

target-openrisc

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-ppc

target-ppc: Remove POWER5+ v0.0 that never existed

2015-03-25 22:49:46 +01:00

target-s390x

Final batch of s390x enhancements/fixes for 2.3:

2015-03-16 11:44:55 +00:00

target-sh4

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-sparc

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-tricore

target-tricore: fix CACHEA/I_POSTINC/PREINC using data register..

2015-03-30 13:39:38 +02:00

target-unicore32

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-xtensa

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

tcg

tcg/optimize: Handle or r,a,a with constant a

2015-03-16 08:46:13 -07:00

tests

i440fx-test: Fix test paths to include architecture

2015-03-30 19:24:54 +02:00

trace

Remove superfluous '\n' around error_report()

2015-03-10 08:15:33 +03:00

CVE-2015-1779: limit size of HTTP headers from websockets clients

2015-04-01 17:12:55 +02:00

util

rcu: do not create thread in pthread_atfork callback

2015-04-01 10:06:38 +02:00

.exrc

qemu: add .exrc

2012-09-07 09:02:44 +03:00

.gitignore

gitignore: Track common.env in iotests gitignore

2015-03-10 08:15:34 +03:00

.gitmodules

PPC: Add u-boot firmware for e500

2014-06-16 13:24:35 +02:00

.mailmap

Update mailmap

2013-09-05 09:40:31 -05:00

.travis.yml

.travis.yml: Add "--enable-modules"

2015-01-26 12:27:05 +01:00

accel.c

accel: Create accel object when initializing machine

2014-10-09 15:36:14 +02:00

aio-posix.c

block: Use g_new0() for a bit of extra type checking

2014-12-10 10:31:21 +01:00

aio-win32.c

block: Use g_new0() for a bit of extra type checking

2014-12-10 10:31:21 +01:00

arch_init.c

migration: remove last_sent_block from save_page_header

2015-03-26 15:31:46 +01:00

async.c

block: replace g_new0 with g_new for bottom half allocation.

2015-01-13 11:47:56 +00:00

balloon.c

balloon: Fix typo

2015-02-23 10:56:09 -05:00

block.c

block: Fix unaligned zero write

2015-03-27 10:01:12 +00:00

blockdev-nbd.c

nbd: Fix up comment after commit e140177

2015-03-25 13:38:07 +01:00

blockdev.c

block: Fix blockdev-backup not to use funky error class

2015-03-19 16:02:59 +01:00

blockjob.c

block: declare blockjobs and dataplane friends!

2014-11-03 11:41:49 +00:00

bootdevice.c

misc: fix typos in copyright declaration

2015-03-26 14:21:43 +01:00

bt-host.c

sysemu: avoid proliferation of include/ subdirectories

2013-04-15 18:19:25 +02:00

bt-vhci.c

sysemu: avoid proliferation of include/ subdirectories

2013-04-15 18:19:25 +02:00

Changelog

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

CODING_STYLE

CODING_STYLE: Section about conditional statement

2014-08-15 18:54:06 +04:00

configure

seccomp: libseccomp version varying according to arch

2015-03-26 16:58:22 +00:00

COPYING

…

COPYING.LIB

…

coroutine-gthread.c

glib-compat.h: add new thread API emulation on top of pre-2.31 API

2014-06-10 07:44:01 +02:00

coroutine-sigaltstack.c

coroutine-sigaltstack: Change jmp_buf to sigjmp_buf

2014-11-11 11:07:55 +03:00

coroutine-ucontext.c

coroutine-ucontext: use __thread

2015-01-13 13:43:28 +00:00

coroutine-win32.c

coroutine-win32.c: Add noinline attribute to work around gcc bug

2014-06-26 14:08:14 +01:00

cpu-exec.c

- vhost-scsi: add bootindex property

2015-02-24 13:58:18 +00:00

cpus.c

cpus: Don't kick un-realized cpus.

2015-03-25 13:38:07 +01:00

cputlb.c

exec: RCUify AddressSpaceDispatch

2015-02-16 17:30:19 +01:00

device_tree.c

machine: query phandle-start machine property

2015-03-11 18:17:11 +01:00

device-hotplug.c

pci-hotplug-old: Has been dead for five major releases, bury

2015-03-01 12:37:54 +01:00

disas.c

monitor: QEMU Monitor Instruction Disassembly Incorrect for PowerPC LE Mode

2014-06-16 13:24:26 +02:00

dma-helpers.c

hw: Convert from BlockDriverState to BlockBackend, mostly

2014-10-20 14:02:25 +02:00

dump.c

dump: Fix dump-guest-memory termination and use-after-close

2014-11-02 10:04:34 +03:00

exec.c

Revert "exec: Respect as_tranlsate_internal length clamp"

2015-04-01 10:06:38 +02:00

gdbstub.c

gdbstub: avoid possible NULL pointer dereference

2015-03-10 08:15:34 +03:00

HACKING

HACKING: Document vaddr type usage

2013-07-23 02:41:31 +02:00

hmp-commands.hx

hmp: Fix texinfo documentation

2015-03-19 11:35:52 +03:00

hmp.c

migration/next for 20150317

2015-03-17 17:11:33 +00:00

hmp.h

qom: Implement qom-set HMP command

2015-03-17 14:31:15 +01:00

iohandler.c

iohandler.c: Properly initialize sigaction struct

2014-05-24 00:07:29 +04:00

ioport.c

memory: convert memory_region_destroy to object_unparent

2014-08-18 12:06:20 +02:00

iothread.c

async: aio_context_new(): Handle event_notifier_init failure

2014-09-22 11:39:48 +01:00

kvm-all.c

kvm: fix ioeventfd endianness on bi-endian architectures

2015-03-18 12:07:30 +01:00

kvm-stub.c

pc: kvm: check if KVM has free memory slots to avoid abort()

2014-11-23 12:11:29 +02:00

LICENSE

vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio

2014-12-19 15:24:06 -07:00

main-loop.c

Revert "main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously"

2014-10-27 15:05:09 +00:00

MAINTAINERS

misc fixes and cleanups

2015-03-12 09:13:07 +00:00

Makefile

build: pass .d file name to scripts/make_device_config.sh, fix makefile target

2015-03-18 12:07:25 +01:00

Makefile.objs

QJSON: Add JSON writer

2015-02-05 17:16:14 +01:00

Makefile.target

Makefile.target: binary depends on config-devices

2015-03-01 19:41:50 +01:00

memory_mapping.c

Add skip_dump flag to ignore memory region during dump

2014-10-31 11:29:01 +01:00

memory.c

memory: Move owner-less MemoryRegions to /machine/unattached

2015-03-17 14:31:26 +01:00

module-common.c

module: implement module loading

2014-02-20 13:14:18 +01:00

monitor.c

usb: bugfix collection.

2015-03-20 09:50:08 +00:00

nbd.c

nbd: Drop unexpected data for NBD_OPT_LIST

2015-03-18 12:07:16 +01:00

numa.c

numa: Print warning if no node is assigned to a CPU

2015-03-19 16:20:15 -03:00

os-posix.c

rcu: do not create thread in pthread_atfork callback

2015-04-01 10:06:38 +02:00

os-win32.c

pidfile: stop making pidfile error a special case

2014-11-02 10:04:34 +03:00

page_cache.c

xbzrle: rebuild the cache_is_cached function

2015-01-15 17:49:43 +05:30

qapi-schema.json

migration: Convert 'status' of MigrationInfo to use an enum type

2015-03-17 15:20:37 +01:00

qdev-monitor.c

qom: Implement info qom-tree HMP command

2015-03-17 14:31:21 +01:00

qdict-test-data.txt

…

qemu-bridge-helper.c

qemu-bridge-helper: Fix fd leak in main()

2014-06-27 10:39:10 +02:00

qemu-char.c

qemu-img: Suppress unhelpful extra errors in convert, amend

2015-02-26 14:51:21 +01:00

qemu-coroutine-io.c

coroutine-io: Return -errno in case of error

2015-03-18 12:07:21 +01:00

qemu-coroutine-lock.c

coroutine: remove qemu_co_queue_wait_insert_head

2013-12-02 17:11:49 +01:00

qemu-coroutine-sleep.c

coroutine: Drop co_sleep_ns

2014-08-29 10:46:58 +01:00

qemu-coroutine.c

coroutine: Clean up qemu_coroutine_enter()

2015-03-09 11:11:59 +01:00

qemu-doc.texi

raw-posix: Deprecate host floppy passthrough

2015-03-19 11:43:02 +01:00

qemu-img-cmds.hx

qemu-img: Add progress output for amend

2014-11-03 11:41:48 +00:00

qemu-img.c

qemu-img: Avoid qerror_report_err() outside QMP handlers, again

2015-03-16 17:07:25 +01:00

qemu-img.texi

qemu-img: Add progress output for amend

2014-11-03 11:41:48 +00:00

qemu-io-cmds.c

qemu-io: Use BlockBackend

2015-02-16 15:07:19 +00:00

qemu-io.c

Clean up around error_get_pretty(), qerror_report_err()

2015-02-26 07:01:08 +00:00

qemu-log.c

qemu-log: Correct help text of 'log cpu_reset'

2015-02-10 09:27:20 +03:00

qemu-nbd.c

nbd: Set block size to BDRV_SECTOR_SIZE

2015-03-18 12:07:01 +01:00

qemu-nbd.texi

nbd: Miscellaneous typo fixes.

2014-05-24 00:07:29 +04:00

qemu-options-wrapper.h

…

qemu-options.h

…

qemu-options.hx

Block patches for 2.3.0-rc1

2015-03-19 17:47:08 +00:00

qemu-seccomp.c

seccomp: add mlockall to whitelist

2015-01-23 14:07:08 +01:00

qemu-tech.texi

qemu-tech.texi: update implemented xtensa features list

2012-11-29 13:00:52 -06:00

qemu-timer.c

qemu-timer.c: Trim list of included headers

2015-01-26 18:15:54 +00:00

qemu.nsi

nsis: Improved support for parallel installation of 32 and 64 bit code

2013-11-07 07:02:44 +01:00

qemu.sasl

sasl: Avoid 'Could not find keytab file' in syslog

2014-03-15 13:54:18 +04:00

qjson.c

QJSON: fix typo in author's email address

2015-02-10 09:27:20 +03:00

qmp-commands.hx

block: Document blockdev-add's immaturity

2015-03-27 10:01:12 +00:00

qmp.c

qom: Add can_be_deleted callback to UserCreatableClass

2015-04-01 10:06:38 +02:00

qtest.c

qtest: Use qemu_opt_set() instead of qemu_opts_parse()

2015-02-26 14:52:13 +01:00

README

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

rules.mak

rules.mak: Fix module build

2015-01-14 10:38:57 +01:00

savevm.c

error: Replace error_report() & error_free() with error_report_err()

2015-03-19 11:11:55 +03:00

softmmu_template.h

exec: make iotlb RCU-friendly

2015-02-16 17:30:19 +01:00

spice-qemu-char.c

spice: Add missing 'static' attribute

2015-02-10 10:26:05 +03:00

tcg-runtime.c

tcg: Push tcg-runtime routines into exec/helper-*

2014-05-28 09:33:54 -07:00

tci.c

tcg: Remove unused opcodes

2015-02-12 21:21:38 -08:00

thread-pool.c

block: Rename BlockDriverCompletionFunc to BlockCompletionFunc

2014-10-20 13:41:27 +02:00

thunk.c

exec: move include files to include/exec/

2012-12-19 08:31:31 +01:00

tpm.c

tpm: Remove superfluous '\n' around error_report()

2015-03-10 08:15:33 +03:00

trace-events

s390x/kvm: trace all SIGP orders

2015-03-10 09:26:22 +01:00

translate-all.c

translate-all: Use g_try_malloc() for dynamic translator buffer

2015-02-10 09:27:21 +03:00

translate-all.h

translate-all: Change tb_check_watchpoint() argument to CPUState

2014-03-13 19:20:48 +01:00

user-exec.c

user-exec.c: fix build on NetBSD/sparc64 and NetBSD/arm

2015-03-13 15:57:00 +00:00

VERSION

Update version for v2.3.0-rc1 release

2015-03-24 16:34:16 +00:00

version.rc

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

vl.c

Avoid crashing on multiple -incoming

2015-03-26 15:31:46 +01:00

xen-common-stub.c

accel: Move Xen registration code to xen-common.c

2014-10-04 08:59:15 +02:00

xen-common.c

accel: Pass MachineState object to accel init functions

2014-10-09 12:57:10 +02:00

xen-hvm-stub.c

xen: Remove xen_cmos_set_s3_resume()

2015-03-10 08:15:33 +03:00

xen-hvm.c

Xen: Use the ioreq-server API when available

2015-01-20 14:24:10 +00:00

xen-mapcache.c

xen: add a lock for the mapcache

2015-01-20 14:24:17 +00:00

README

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team

Languages

C 90.3%

Dylan 2.5%

Python 2.1%

C++ 2%

Shell 1.7%

Other 1.4%