9p: take write lock on fid path updates (CVE-2018-19364) - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Greg Kurz <groug@kaod.org>	2018-11-20 13:00:35 +0100
committer	Greg Kurz <groug@kaod.org>	2018-11-20 13:00:35 +0100
commit	5b3c77aa581ebb215125c84b0742119483571e55 (patch)
tree	f6d84494a5960a727a2fa90a4350084d24bf98f2 /scripts/qapi/introspect.py
parent	3c035a41dca808f096a128fe2b62d849fe638a25 (diff)
download	focaccia-qemu-5b3c77aa581ebb215125c84b0742119483571e55.tar.gz focaccia-qemu-5b3c77aa581ebb215125c84b0742119483571e55.zip

9p: take write lock on fid path updates (CVE-2018-19364)

Recent commit 5b76ef50f62079a fixed a race where v9fs_co_open2() could
possibly overwrite a fid path with v9fs_path_copy() while it is being
accessed by some other thread, ie, use-after-free that can be detected
by ASAN with a custom 9p client.

It turns out that the same can happen at several locations where
v9fs_path_copy() is used to set the fid path. The fix is again to
take the write lock.

Fixes CVE-2018-19364.

Cc: P J P <ppandit@redhat.com>
Reported-by: zhibin hu <noirfate@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Greg Kurz <groug@kaod.org>

Diffstat (limited to 'scripts/qapi/introspect.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: