Files
qemu/hw
Greg Kurz 54e9633381 9pfs: local: readlink: don't follow symlinks
The local_readlink() callback is vulnerable to symlink attacks because it
calls:

(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
    the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
    rightmost one

This patch converts local_readlink() to rely on open_nofollow() to fix (1)
and opendir_nofollow(), readlinkat() to fix (2).

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit bec1e9546e)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
2021-03-17 09:45:51 -06:00
..
2021-03-17 09:45:51 -06:00
2021-03-17 09:45:49 -06:00
2016-08-05 16:14:47 -05:00
2021-03-17 09:45:50 -06:00
2016-04-07 19:57:33 +03:00
2016-01-29 15:07:25 +00:00
2016-01-29 15:07:25 +00:00
2021-03-17 09:45:49 -06:00
2021-03-17 09:45:51 -06:00
2016-08-05 14:30:32 -05:00
2015-12-22 18:39:19 +02:00