diff options
| author |   Greg Kurz <groug@kaod.org> | 2017-02-26 23:43:40 +0100 |
|---|---|---|
| committer | Greg Kurz <groug@kaod.org> | 2017-02-28 11:21:15 +0100 |
| commit | bec1e9546e03b9e7f5152cf3e8c95cf8acff5e12 (patch) | |
| tree | d16f6162f599a7cdfa35e06f0175867a3065e6a4 /scripts/qapi-commands.py | |
| parent | 9pfs: local: truncate: don't follow symlinks (diff) | |
| download | qemu-bec1e9546e03b9e7f5152cf3e8c95cf8acff5e12.tar.xz qemu-bec1e9546e03b9e7f5152cf3e8c95cf8acff5e12.zip | |
9pfs: local: readlink: don't follow symlinks
The local_readlink() callback is vulnerable to symlink attacks because it
calls:
(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
rightmost one
This patch converts local_readlink() to rely on open_nofollow() to fix (1)
and opendir_nofollow(), readlinkat() to fix (2).
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'scripts/qapi-commands.py')
0 files changed, 0 insertions, 0 deletions