9pfs: local: statfs: don't follow symlinks - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Greg Kurz <groug@kaod.org>	2017-02-26 23:43:25 +0100
committer	Greg Kurz <groug@kaod.org>	2017-02-28 11:21:15 +0100
commit	31e51d1c15b35dc98b88a301812914b70a2b55dc (patch)
tree	f1bdaeddcf8ca308a79fb74d409e454b5ea5e3b8 /scripts/qapi-commands.py
parent	a33eda0dd99e00faa3bacae43d19490bb9500e07 (diff)
download	focaccia-qemu-31e51d1c15b35dc98b88a301812914b70a2b55dc.tar.gz focaccia-qemu-31e51d1c15b35dc98b88a301812914b70a2b55dc.zip

9pfs: local: statfs: don't follow symlinks

The local_statfs() callback is vulnerable to symlink attacks because it
calls statfs() which follows symbolic links in all path elements.

This patch converts local_statfs() to rely on open_nofollow() and fstatfs()
instead.

This partly fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

Diffstat (limited to 'scripts/qapi-commands.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: