adding Irix (and, to a lesser extent, Solaris) userland emulation to QEMU
Jim Meyering eba25057b9 block: prevent snapshot mode $TMPDIR symlink attack
In snapshot mode, bdrv_open creates an empty temporary file without
checking for mkstemp or close failure, and ignoring the possibility
of a buffer overrun given a surprisingly long $TMPDIR.
Change the get_tmp_filename function to return int (not void),
so that it can inform its two callers of those failures.
Also avoid the risk of buffer overrun and do not ignore mkstemp
or close failure.
Update both callers (in block.c and vvfat.c) to propagate
temp-file-creation failure to their callers.

get_tmp_filename creates and closes an empty file, while its
callers later open that presumed-existing file with O_CREAT.
The problem was that a malicious user could provoke mkstemp failure
and race to create a symlink with the selected temporary file name,
thus causing the qemu process (usually root owned) to open through
the symlink, overwriting an attacker-chosen file.

This addresses CVE-2012-2652.
http://bugzilla.redhat.com/CVE-2012-2652

Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-05-30 14:48:40 +08:00
QMP qom: quick and dirty QOM filesystem based on FUSE 2012-04-26 13:14:57 -05:00
audio audio: Always call fini on exit 2012-05-24 19:35:27 +04:00
block block: prevent snapshot mode $TMPDIR symlink attack 2012-05-30 14:48:40 +08:00
bsd-user bsd-user: fix compile failure 2012-04-13 09:57:36 +01:00
default-configs Drop darwin-user 2012-05-01 00:17:27 +02:00
docs xhci: add usage info to docs 2012-05-30 10:28:44 +08:00
fpu softfloat: Replace int16 type with int_fast16_t 2012-04-28 09:13:26 +00:00
fsdev Replace Qemu by QEMU in user visible documentation 2012-04-07 13:58:06 +00:00
gdb-xml
hw pci: call object_unparent() before free_qdev() 2012-05-29 20:19:24 -05:00
include/qemu qom: Documentation addition for object_class_by_name() 2012-05-12 14:17:52 +02:00
libcacard libcacard/vcard_emul_nss: add warning for old coolkey 2012-03-26 18:39:00 +02:00
linux-headers kvm: update linux headers 2012-04-12 19:01:42 -03:00
linux-user linux-user: Fix stale tbs after mmap 2012-05-19 15:49:40 +00:00
net Declare state directory in smb.conf 2012-05-01 19:08:44 -03:00
pc-bios pc-bios: update OpenBIOS images 2012-05-01 10:58:04 +00:00
qapi qapi: add support for command options 2012-05-15 09:15:16 -05:00
qga qemu-ga: Fix missing environ declaration 2012-05-24 13:06:33 -05:00
qom qdev: Use object_property_print() in info qtree 2012-05-12 14:17:52 +02:00
roms seabios: update to 1.7.0 2012-04-17 10:51:41 +02:00
scripts qapi: add support for command options 2012-05-15 09:15:16 -05:00
slirp slirp: Avoid redefining MAX_TCPOPTLEN 2012-05-28 22:44:27 +02:00
sysconfigs/target move CPU definitions to /usr/share/qemu/cpus-x86_64.conf (v2) 2012-05-10 12:37:57 -05:00
target-alpha target-alpha: QOM'ify CPU init 2012-04-15 21:26:55 +02:00
target-arm target-arm/cpu.h: Make cpu_init("nonexistent cpu") return NULL 2012-05-10 12:56:09 +00:00
target-cris target-cris: Start QOM'ifying CPU init 2012-04-24 16:04:56 +02:00
target-i386 Expose CPUID leaf 7 only for -cpu host 2012-05-30 10:28:44 +08:00
target-lm32 Use uintptr_t for various op related functions 2012-04-14 14:23:37 +00:00
target-m68k target-m68k: Add QOM CPU subclasses 2012-04-30 11:32:13 +02:00
target-microblaze target-microblaze: implemented swapx instructions 2012-05-18 12:17:52 +02:00
target-mips mips: Fix BC1ANY[24]F instructions 2012-05-19 15:51:44 +00:00
target-ppc target-ppc: Some support for dumping TLB_EMB TLBs 2012-05-01 21:47:01 +02:00
target-s390x S390: don't call system_shutdown on disabled wait 2012-05-01 21:04:06 +02:00
target-sh4 target-sh4: Start QOM'ifying CPU init 2012-04-30 11:32:10 +02:00
target-sparc fix block loads broken in commit 30038fd818 2012-05-12 09:48:05 +00:00
target-unicore32 target-unicore32: Move CPU-dependent init into initfn 2012-03-30 11:09:31 +02:00
target-xtensa target-xtensa: fix LOOPNEZ/LOOPGTZ translation 2012-04-21 13:24:45 +00:00
tcg tcg/ppc: Handle _CALL_DARWIN being undefined on Darwin 2012-05-27 21:52:56 +04:00
tests fdc-test: introduced qtest no_media_on_start and cmos qtest for floppy 2012-05-25 18:23:47 +02:00
trace
ui vnc: fix segfault in vnc_display_pw_expire() 2012-05-30 10:28:44 +08:00
.gitignore .gitignore: add qemu-bridge-helper and option rom build products 2012-03-19 10:52:52 +00:00
.gitmodules
.mailmap
CODING_STYLE Replace Qemu by QEMU in internal documentation 2012-04-07 13:58:25 +00:00
COPYING
COPYING.LIB
Changelog fix some common typos 2012-05-14 07:27:24 +02:00
HACKING
LICENSE
MAINTAINERS Merge branch 'maintainers-up' of git://repo.or.cz/qemu/afaerber 2012-05-01 09:29:44 +00:00
Makefile move CPU definitions to /usr/share/qemu/cpus-x86_64.conf (v2) 2012-05-10 12:37:57 -05:00
Makefile.dis
Makefile.hw
Makefile.objs Beautify makefile commands for generation of files with tracetool 2012-04-25 14:21:35 +01:00
Makefile.target cputlb: move TLB handling to a separate file 2012-05-01 10:45:04 +00:00
Makefile.user
README
TODO
VERSION Update version for 1.1.0-rc3 2012-05-22 09:21:01 -05:00
a.out.h
acl.c
acl.h
aes.c
aes.h
aio.c aio: simplify qemu_aio_wait 2012-04-19 16:51:47 +02:00
alpha-dis.c
alpha.ld
arch_init.c arch_init: Fix AltiVec build on Darwin/ppc 2012-05-29 11:38:07 +02:00
arch_init.h eliminate arch_config_name variable 2012-05-10 12:37:55 -05:00
arm-dis.c
arm-semi.c arm-semi: Rename SYS_XXX macros to TARGET_SYS_XXX (fixes compiler warning) 2012-05-03 07:04:48 +02:00
arm.ld
async.c async: Use bool for boolean struct members and remove a hole 2012-05-01 10:13:25 +01:00
balloon.c qapi: fix qmp_balloon() conversion 2012-04-27 11:44:50 -03:00
balloon.h
bitmap.c
bitmap.h
bitops.c
bitops.h
block-migration.c
block-migration.h
block.c block: prevent snapshot mode $TMPDIR symlink attack 2012-05-30 14:48:40 +08:00
block.h qemu-img: make "info" backing file output correct and easier to use 2012-05-10 10:32:12 +02:00
block_int.h block: prevent snapshot mode $TMPDIR symlink attack 2012-05-30 14:48:40 +08:00
blockdev.c block: fail live snapshot if disk has no medium 2012-05-10 10:32:11 +02:00
blockdev.h
bswap.h
bt-host.c
bt-host.h
bt-vhci.c
buffered_file.c
buffered_file.h
cache-utils.c
cache-utils.h
cmd.c qemu-io: correctly print non-integer values as decimals 2012-05-10 10:32:12 +02:00
cmd.h
compatfd.c
compatfd.h
compiler.h
config.h
configure configure: check if environ is declared 2012-05-24 13:06:31 -05:00
console.c
console.h
coroutine-gthread.c coroutine-gthread.c: Avoid threading APIs deprecated in GLib 2.31 2012-04-14 10:59:14 +00:00
coroutine-sigaltstack.c Merge remote-tracking branch 'kwolf/for-anthony' into staging 2012-05-14 12:45:01 -05:00
coroutine-ucontext.c
coroutine-win32.c
cpu-all.h exec: prepare for splitting 2012-05-01 10:45:02 +00:00
cpu-common.h
cpu-defs.h w64: Fix struct CPUTLBEntry 2012-04-15 21:25:16 +02:00
cpu-exec.c cpu-exec: Remove non-portable type cast and fix format string 2012-04-15 21:25:17 +02:00
cpus.c kvm: Drop redundant kvm_enabled from cpu_thread_is_idle 2012-04-12 19:01:41 -03:00
cpus.h qtest: add clock management 2012-03-30 08:14:11 -05:00
cputlb.c cputlb: fix watchpoints handling 2012-05-12 09:14:38 +00:00
cputlb.h memory: move functions is_romd and section_addr to memory API 2012-05-01 10:45:07 +00:00
cris-dis.c
cursor.c
cursor_hidden.xpm
cursor_left_ptr.xpm
cutils.c
def-helper.h Add support for target helper functions which don't return 2012-03-24 13:01:46 +00:00
device_tree.c
device_tree.h
dis-asm.h target-lm32: add simple disassembler 2012-04-01 20:30:23 +02:00
disas.c fix some common typos 2012-05-14 07:27:24 +02:00
disas.h
dma-helpers.c Use DMADirection type for dma_bdrv_io 2012-04-05 14:54:40 +02:00
dma.h Merge remote-tracking branch 'kwolf/for-anthony' into staging 2012-04-10 08:16:12 -05:00
dyngen-exec.h
elf.h elf.h: Update EF_ARM_ constants to newer ABI versions 2012-04-06 19:25:57 +03:00
envlist.c
envlist.h
error.c error.c: don't return value for void function 2012-04-20 13:14:53 +01:00
error.h
error_int.h
event_notifier.c
event_notifier.h
exec-all.h linux-user: Fix stale tbs after mmap 2012-05-19 15:49:40 +00:00
exec-memory.h
exec-obsolete.h
exec.c linux-user: Fix stale tbs after mmap 2012-05-19 15:49:40 +00:00
gdbstub.c gdbstub: Synchronize CPU state unconditionally in gdb_set_cpu_pc 2012-04-21 13:27:34 +00:00
gdbstub.h
gen-icount.h
hmp-commands.hx block: add 'speed' optional parameter to block-stream 2012-04-27 11:44:50 -03:00
hmp.c stream: fix HMP block_job_set_speed 2012-05-10 11:01:59 +02:00
hmp.h qapi: convert device_del 2012-04-09 14:35:25 -03:00
host-utils.c
host-utils.h
hppa-dis.c
hppa.ld
i386-dis.c
i386.ld
ia64-dis.c
ia64.ld
input.c runstate: introduce suspended state 2012-05-08 14:30:09 -03:00
int128.h
iohandler.c iohandler: Use bool for boolean struct member and remove holes 2012-05-01 10:13:33 +01:00
ioport-user.c
ioport.c ioport: use INT64_MAX for IO ranges 2012-03-19 15:17:21 +02:00
ioport.h
iorange.h
iov.c
iov.h
json-lexer.c
json-lexer.h
json-parser.c
json-parser.h
json-streamer.c
json-streamer.h
kvm-all.c kvm: Fix dirty tracking with large kernel page size 2012-05-10 12:40:08 +03:00
kvm-stub.c kvm: Drop unused kvm_pit_in_kernel 2012-04-12 19:01:41 -03:00
kvm.h kvm: Drop unused kvm_pit_in_kernel 2012-04-12 19:01:41 -03:00
libfdt_env.h
linux-aio.c aio: remove process_queue callback and qemu_aio_process_queue 2012-04-19 16:37:53 +02:00
lm32-dis.c target-lm32: add simple disassembler 2012-04-01 20:30:23 +02:00
m68k-dis.c
m68k-semi.c
m68k.ld
main-loop.c main-loop: Calculate poll timeout using timeout argument 2012-05-01 10:46:25 +00:00
main-loop.h Switch SIG_IPI to SIGUSR1 2012-05-10 08:33:34 -05:00
memory.c memory: check address space when a listener is registered 2012-04-05 13:09:17 +03:00
memory.h memory: move functions is_romd and section_addr to memory API 2012-05-01 10:45:07 +00:00
microblaze-dis.c
migration-exec.c
migration-fd.c
migration-tcp.c use inet_listen()/inet_connect() to support ipv6 migration 2012-05-10 12:37:57 -05:00
migration-unix.c
migration.c use inet_listen()/inet_connect() to support ipv6 migration 2012-05-10 12:37:57 -05:00
migration.h use inet_listen()/inet_connect() to support ipv6 migration 2012-05-10 12:37:57 -05:00
mips-dis.c
mips.ld
module.c Remove type field in ModuleEntry as it's not used 2012-03-19 10:52:52 +00:00
module.h
monitor.c hmp: fix bad value conversion for M type 2012-05-08 14:30:22 -03:00
monitor.h
nbd.c sockets: use error class to pass listen error 2012-05-10 12:37:57 -05:00
nbd.h nbd: consistently return negative errno values 2012-04-19 16:36:43 +02:00
net.c net: move compute_mcast_idx() to net.h 2012-03-16 01:04:51 +02:00
net.h net: move compute_mcast_idx() to net.h 2012-03-16 01:04:51 +02:00
notify.c
notify.h
os-posix.c os-posix: Fix build on FreeBSD 2012-04-26 13:14:58 -05:00
os-win32.c
osdep.c
osdep.h softfloat: Replace int16 type with int_fast16_t 2012-04-28 09:13:26 +00:00
oslib-posix.c
oslib-win32.c main-loop: interrupt wait when data arrives on a socket 2012-04-07 08:34:16 +00:00
path.c
pci-ids.txt
pflib.c
pflib.h
poison.h
posix-aio-compat.c aio: remove process_queue callback and qemu_aio_process_queue 2012-04-19 16:37:53 +02:00
ppc-dis.c Replace Qemu by QEMU in comments 2012-04-07 14:00:45 +00:00
ppc.ld
ppc64.ld
qapi-schema-guest.json qemu-ga: guest-shutdown: use only async-signal-safe functions 2012-05-15 09:15:16 -05:00
qapi-schema-test.json qapi: add struct-errors test case to test-qmp-output-visitor 2012-03-27 09:11:00 -03:00
qapi-schema.json runstate: introduce suspended state 2012-05-08 14:30:09 -03:00
qbool.c
qbool.h
qdict-test-data.txt
qdict.c
qdict.h
qemu-aio.h aio: return "AIO in progress" state from qemu_aio_wait 2012-04-19 16:50:49 +02:00
qemu-barrier.h virtio: order index/descriptor reads 2012-04-25 10:53:47 +03:00
qemu-bridge-helper.c
qemu-char.c sockets: use error class to pass listen error 2012-05-10 12:37:57 -05:00
qemu-char.h
qemu-common.h declare ECANCELED on all machines 2012-05-10 11:01:59 +02:00
qemu-config.c
qemu-config.h implement -no-user-config command-line option (v3) 2012-05-10 12:37:57 -05:00
qemu-coroutine-int.h
qemu-coroutine-io.c
qemu-coroutine-lock.c
qemu-coroutine-sleep.c block: allow interrupting a co_sleep_ns 2012-04-19 16:03:27 +02:00
qemu-coroutine.c
qemu-coroutine.h
qemu-doc.texi qemu-doc: Use QEMU instead of qemu for product name 2012-05-14 07:27:24 +02:00
qemu-error.c
qemu-error.h
qemu-file.h
qemu-ga.c qemu-ga: align versioning with QEMU_VERSION 2012-05-15 09:17:06 -05:00
qemu-img-cmds.hx
qemu-img.c qemu-img: Fix segmentation fault 2012-05-14 17:02:19 +02:00
qemu-img.texi qemu-img: Explain how rebase operation can be used to perform a 'diff' operation. 2012-05-25 18:12:54 +02:00
qemu-io.c qemu-io: fix the alloc command 2012-05-10 10:32:13 +02:00
qemu-lock.h
qemu-log.h
qemu-nbd.c nbd: do not include block_int.h 2012-04-19 17:19:37 +02:00
qemu-nbd.texi Replace Qemu by QEMU in user visible documentation 2012-04-07 13:58:06 +00:00
qemu-objects.h
qemu-option.c
qemu-option.h
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx Merge remote-tracking branch 'sweil/for-1.1' into staging 2012-05-14 10:06:50 -05:00
qemu-os-posix.h
qemu-os-win32.h w64: Fix definition of setjmp 2012-04-15 21:25:16 +02:00
qemu-progress.c
qemu-queue.h Replace Qemu by QEMU in comments 2012-04-07 14:00:45 +00:00
qemu-sockets.c sockets: use error class to pass listen error 2012-05-10 12:37:57 -05:00
qemu-tech.texi Drop darwin-user 2012-05-01 00:17:27 +02:00
qemu-thread-posix.c
qemu-thread-posix.h
qemu-thread-win32.c
qemu-thread-win32.h
qemu-thread.h
qemu-timer-common.c
qemu-timer.c qemu-timer: Fix wrong error message 2012-05-14 07:27:24 +02:00
qemu-timer.h qemu-timer: Move include for __FreeBSD_version to header 2012-05-08 11:14:56 -05:00
qemu-tls.h
qemu-tool.c main_loop_wait: block indefinitely 2012-04-26 13:14:58 -05:00
qemu-user.c
qemu-x509.h
qemu-xattr.h
qemu.sasl
qemu_socket.h sockets: use error class to pass listen error 2012-05-10 12:37:57 -05:00
qerror.c qerror: add five qerror strings 2012-05-10 12:37:57 -05:00
qerror.h qerror: add five qerror strings 2012-05-10 12:37:57 -05:00
qfloat.c
qfloat.h
qint.c
qint.h
qjson.c
qjson.h
qlist.c
qlist.h
qmp-commands.hx block: add mode argument to blockdev-snapshot-sync 2012-05-10 10:32:11 +02:00
qmp.c runstate: introduce suspended state 2012-05-08 14:30:09 -03:00
qobject.h
qstring.c
qstring.h
qtest.c qtest: Fix tv_usec != long 2012-04-24 09:50:31 -05:00
qtest.h qtest: add dummy functions for user emulators 2012-04-19 18:52:35 +00:00
range.h
readline.c
readline.h
rules.mak Beautify makefile commands for generation of files with tracetool 2012-04-25 14:21:35 +01:00
s390-dis.c
s390.ld
savevm.c w64: Fix time conversion for some versions of MinGW-w64 2012-04-15 21:25:18 +02:00
sh4-dis.c
softmmu-semi.h
softmmu_defs.h softmmu templates: optionally pass CPUState to memory access functions 2012-03-18 12:21:52 +00:00
softmmu_exec.h
softmmu_header.h w64: Fix data types in softmmu*.h 2012-04-15 21:25:17 +02:00
softmmu_template.h w64: Fix data types in softmmu*.h 2012-04-15 21:25:17 +02:00
sparc-dis.c
sparc.ld
sparc64.ld
spice-qemu-char.c spice-qemu-char.c: Show what name is unsupported 2012-04-20 13:14:53 +01:00
sysemu.h
targphys.h
tcg-runtime.c
tci-dis.c
tci.c tci: Fix wrong macro name for debug code 2012-05-08 11:15:18 -05:00
thunk.c linux-user: add struct old_dev_t compat 2012-04-06 18:49:58 +03:00
thunk.h linux-user: Fix invalid TARGET_ABI_BITS usage on ppc hosts 2012-05-01 21:47:01 +02:00
trace-events ISCSI: Switch to using READ16/WRITE16 for I/O to the LUN 2012-05-28 14:04:16 +02:00
translate-all.c w64: Fix data type of tb_next and other variables used for host addresses 2012-04-07 11:27:45 +00:00
uboot_image.h
user-exec.c user-exec.c: Don't assert on segfaults for non-valid addresses 2012-05-08 11:15:18 -05:00
version.rc
vgafont.h
vl.c Merge remote-tracking branch 'origin/master' into staging 2012-05-14 08:44:32 -05:00
vmstate.h
x86_64.ld
xen-all.c Call xc_domain_shutdown with the reboot flag when the guest requests a reboot. 2012-05-17 10:52:38 +00:00
xen-mapcache.c xen-mapcache: don't unmap locked entry during mapcache invalidation 2012-04-13 17:35:06 +00:00
xen-mapcache.h xen mapcache: check if memory region has moved. 2012-03-19 18:21:12 +00:00
xen-stub.c Xen: basic HVM MSI injection support. 2012-04-13 17:34:08 +00:00
xtensa-semi.c target-xtensa: Move helpers.h to helper.h 2012-04-14 03:48:08 +04:00

README

Read the documentation in qemu-doc.html or on http://wiki.qemu.org

- QEMU team