| commit | b003fc0d8aa5e7060dbf7e5862b8013c73857c7f | |
| author | Greg Kurz <groug@kaod.org> | |
| Mon, 6 Mar 2017 16:34:01 +0000 (6 17:34 +0100) | ||
| committer | Greg Kurz <groug@kaod.org> | |
| Mon, 6 Mar 2017 16:34:01 +0000 (6 17:34 +0100) | ||
| tree | 632eff8c91edde80c4a439fff1ade2d7573ace24 | treesnapshot (tar.gz zip) |
| parent | 918112c02aff2bac4cb72dc2feba0cb05305813e | commitdiff |
9pfs: fix vulnerability in openat_dir() and local_unlinkat_common()
We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make
QEMU vulnerable.
While here, we also fix local_unlinkat_common() to use openat_dir() for
the same reasons (it was a leftover in the original patchset actually).
This fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make
QEMU vulnerable.
While here, we also fix local_unlinkat_common() to use openat_dir() for
the same reasons (it was a leftover in the original patchset actually).
This fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
| hw/9pfs/9p-local.c | diffblobblamehistory | |
| hw/9pfs/9p-util.h | diffblobblamehistory |