| commit | bec1e9546e03b9e7f5152cf3e8c95cf8acff5e12 | |
| author | Greg Kurz <groug@kaod.org> | |
| Sun, 26 Feb 2017 22:43:40 +0000 (26 23:43 +0100) | ||
| committer | Greg Kurz <groug@kaod.org> | |
| Tue, 28 Feb 2017 10:21:15 +0000 (28 11:21 +0100) | ||
| tree | d16f6162f599a7cdfa35e06f0175867a3065e6a4 | treesnapshot (tar.gz zip) |
| parent | ac125d993b461d4dee4d6df4d93ac3f2eb959d1d | commitdiff |
9pfs: local: readlink: don't follow symlinks
The local_readlink() callback is vulnerable to symlink attacks because it
calls:
(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
rightmost one
This patch converts local_readlink() to rely on open_nofollow() to fix (1)
and opendir_nofollow(), readlinkat() to fix (2).
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
The local_readlink() callback is vulnerable to symlink attacks because it
calls:
(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
rightmost one
This patch converts local_readlink() to rely on open_nofollow() to fix (1)
and opendir_nofollow(), readlinkat() to fix (2).
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
| hw/9pfs/9p-local.c | diffblobblamehistory |