dfaggioli/qemu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
54e9633381d3d6b7fad11dca1f08cb21cb155210
qemu/hw
History
Greg Kurz 54e9633381 9pfs: local: readlink: don't follow symlinks 
The local_readlink() callback is vulnerable to symlink attacks because it
calls:

(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
    the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
    rightmost one

This patch converts local_readlink() to rely on open_nofollow() to fix (1)
and opendir_nofollow(), readlinkat() to fix (2).

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit bec1e9546e)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
2021-03-17 09:45:51 -06:00
..
9pfs
9pfs: local: readlink: don't follow symlinks
2021-03-17 09:45:51 -06:00
acpi
acpi_piix4: Fix migration from SLE11 SP2
2021-03-17 09:45:49 -06:00
alpha
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
arm
ARM: KVM: Enable in-kernel timers with user space gic
2021-03-17 09:45:50 -06:00
audio
audio: ac97: add exit function
2021-03-17 09:45:51 -06:00
block
virtio-blk: Remove stale comment about draining
2021-03-17 09:45:50 -06:00
bt
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
char
char: serial: check divider value against baud base
2021-03-17 09:45:50 -06:00
core
fix xen hvm direct kernel boot
2021-03-17 09:45:49 -06:00
cpu
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
cris
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
display
virtio-gpu: fix resource leak in virgl_cmd_resource_unref
2021-03-17 09:45:51 -06:00
dma
dma: rc4030: limit interval timer reload value
2021-03-17 09:45:50 -06:00
gpio
hw/gpio: Add the emulation of gpio_key
2016-03-30 17:27:22 +01:00
i2c
Fix some typos found by codespell
2016-08-05 16:14:47 -05:00
i386
intel_iommu: fix incorrect device invalidate
2021-03-17 09:45:50 -06:00
ide
block-backend: remove blk_flush_all
2021-03-17 09:45:50 -06:00
input
virtio-input: support absolute axis config in pass-through
2016-04-13 17:26:12 +02:00
intc
ARM: KVM: Enable in-kernel timers with user space gic
2021-03-17 09:45:50 -06:00
ipack
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
ipmi
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
isa
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
lm32
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
m68k
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
mem
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
microblaze
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
mips
hw/mips/cps: enable ITU for multithreading processors
2016-03-30 09:14:00 +01:00
misc
ivshmem: Fix 64 bit memory bar configuration
2021-03-17 09:45:50 -06:00
moxie
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
net
net: mcf: check receive buffer size register value
2021-03-17 09:45:50 -06:00
nvram
Sort the fw_cfg file list
2016-04-07 19:57:33 +03:00
openrisc
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
pci
pcie: fix link active status bit migration
2016-08-05 16:45:19 -05:00
pci-bridge
hw/pci-bridge: Add missing unref in case register-bus fails
2016-04-07 19:57:33 +03:00
pci-host
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
pcmcia
hw: Clean up includes
2016-01-29 15:07:25 +00:00
ppc
spapr_drc: fix aborts during DRC-count based hotplug
2016-04-26 11:16:08 +10:00
s390x
s390x/kvm: fix small race reboot vs. cmma
2021-03-17 09:45:51 -06:00
scsi
megasas: fix guest-triggered memory leak
2021-03-17 09:45:51 -06:00
sd
sd: sdhci: check data length during dma_memory_read
2021-03-17 09:45:51 -06:00
sh4
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
smbios
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
sparc
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
sparc64
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
ssi
hw: Clean up includes
2016-01-29 15:07:25 +00:00
timer
i8254: Fix migration from SLE11 SP2
2021-03-17 09:45:49 -06:00
tpm
tpm: Fix write to file descriptor function
2016-04-13 19:52:34 +03:00
tricore
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
unicore32
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
usb
usb: ccid: check ccid apdu length
2021-03-17 09:45:51 -06:00
vfio
vfio/pci: Fix VGA quirks
2016-08-05 14:30:32 -05:00
virtio
virtio: fix vq->inuse recalc after migr
2021-03-17 09:45:51 -06:00
watchdog
watchdog: 6300esb: add exit function
2021-03-17 09:45:51 -06:00
xen
xen: use a common function for pv and hvm guest backend register calls
2021-03-17 09:45:49 -06:00
xenpv
xen: use a common function for pv and hvm guest backend register calls
2021-03-17 09:45:49 -06:00
xtensa
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
Makefile.objs
Add a base IPMI interface
2015-12-22 18:39:19 +02:00