git.ipfire.org Git - thirdparty/qemu.git/commit

]> git.ipfire.org Git - thirdparty/qemu.git/commit

projects / thirdparty / qemu.git / commit

author	Greg Kurz <groug@kaod.org>
	Sun, 26 Feb 2017 22:44:03 +0000 (23:44 +0100)
committer	Greg Kurz <groug@kaod.org>
	Tue, 28 Feb 2017 10:21:15 +0000 (11:21 +0100)
commit	d2767edec582558f1e6c52e1dd9370d62e2b30fc
tree	91e1171b715a8c2626a1351b68d8bcf6b2e69944	tree
parent	99f2cf4b2dad7b37c69759deb0d0b19d3ec1a24a	commit \| diff

9pfs: local: rename: use renameat

The local_rename() callback is vulnerable to symlink attacks because it
uses rename() which follows symbolic links in all path elements but the
rightmost one.

This patch simply transforms local_rename() into a wrapper around
local_renameat() which is symlink-attack safe.

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

hw/9pfs/9p-local.c

diff | blob | blame | history

Mirror of https://git.qemu.org/git/qemu.git

RSS Atom