www.infradead.org Git - users/dwmw2/qemu.git/commit

author	Greg Kurz <groug@kaod.org>
	Sun, 26 Feb 2017 22:42:18 +0000 (23:42 +0100)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 16 Mar 2017 17:07:10 +0000 (12:07 -0500)
commit	acf22d2264a131ad2695b5a18746dabf0cc8b843
tree	9d87800d12a32a9f27ef3ccec5964038c7f712ec	tree
parent	54f951d6348f08a89da8b49d64fe06ceb291759f	commit \| diff

9pfs: local: open/opendir: don't follow symlinks

The local_open() and local_opendir() callbacks are vulnerable to symlink
attacks because they call:

(1) open(O_NOFOLLOW) which follows symbolic links in all path elements but
the rightmost one
(2) opendir() which follows symbolic links in all path elements

This patch converts both callbacks to use new helpers based on
openat_nofollow() to only open files and directories if they are
below the virtfs shared folder

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 996a0d76d7e756e4023ef79bc37bfe629b9eaca7)
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

hw/9pfs/9p-local.c		diff \| blob \| history
hw/9pfs/9p-local.h	[new file with mode: 0644]	blob