]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0f3490f) | patch
9pfs: local: rename: use renameat
authorGreg Kurz <groug@kaod.org>
Sun, 26 Feb 2017 22:44:03 +0000 (23:44 +0100)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Thu, 16 Mar 2017 17:07:56 +0000 (12:07 -0500)
commitd93d06a2fc1e126a411178ba2edc10e802e152a1
tree83feb3ba9e2737afe95395873f8854581ba73890tree
parent0f3490faa8796da9986d798428b034e0bb4d6f1dcommit | diff
9pfs: local: rename: use renameat

The local_rename() callback is vulnerable to symlink attacks because it
uses rename() which follows symbolic links in all path elements but the
rightmost one.

This patch simply transforms local_rename() into a wrapper around
local_renameat() which is symlink-attack safe.

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit d2767edec582558f1e6c52e1dd9370d62e2b30fc)
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
hw/9pfs/9p-local.c diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git