On Mon, Feb 20, 2017 at 03:41:32PM +0100, Greg Kurz wrote:
> The local_readlink() callback is vulnerable to symlink attacks because it
> calls:
> 
> (1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
> the rightmost one
> (2) readlink() which follows symbolic links for all path elements but the
> rightmost one
> 
> This patch converts local_readlink() to rely on open_nofollow() to fix (1)
> and opendir_nofollow(), readlinkat() to fix (2).
> 
> This partly fixes CVE-2016-9602.
> 
> Signed-off-by: Greg Kurz <[email protected]>
> ---
>  hw/9pfs/9p-local.c | 26 +++++++++++++++++---------
>  1 file changed, 17 insertions(+), 9 deletions(-)
Reviewed-by: Stefan Hajnoczi <[email protected]>
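The point of the quoted commit message is that O_NOFOLLOW and readlink() only protect the last path component, so a symlink planted in an intermediate directory of the export still gets followed. The following is an added, self-contained illustration of the component-by-component walk the fix relies on; it is not QEMU's open_nofollow()/opendir_nofollow() code and only mimics the idea. Each directory below the export root is opened with O_PATH|O_NOFOLLOW and checked with fstat(), so an intermediate symlink is refused with ELOOP before readlinkat() is run on the leaf. The function names (opendir_nofollow_walk, readlink_nofollow, build_fixture, run_demo), the refusal of ".." components, and the fixture layout under /tmp are assumptions of this example; the fixture is constructed here, not taken from the thread.

```c
#define _GNU_SOURCE            /* O_PATH on glibc */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk 'dirpath' relative to 'rootfd' one component at a time. Each component is
 * opened with O_NOFOLLOW and then inspected with fstat() on the resulting fd, so a
 * symlink is rejected with ELOOP and nothing is ever resolved through it.
 * Returns an O_PATH fd on the final directory, or -1 with errno set.
 * Design choice of this example: ".." is refused so the walk cannot climb above root. */
static int opendir_nofollow_walk(int rootfd, const char *dirpath)
{
    int fd = openat(rootfd, ".", O_PATH | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0) return -1;
    char *copy = strdup(dirpath);
    if (!copy) { close(fd); return -1; }
    char *save = NULL;
    for (char *comp = strtok_r(copy, "/", &save); comp; comp = strtok_r(NULL, "/", &save)) {
        if (strcmp(comp, ".") == 0) continue;
        if (strcmp(comp, "..") == 0) { errno = EINVAL; goto fail; }
        int next = openat(fd, comp, O_PATH | O_NOFOLLOW | O_CLOEXEC);
        if (next < 0) goto fail;
        struct stat st;
        if (fstat(next, &st) < 0) { close(next); goto fail; }
        if (S_ISLNK(st.st_mode)) { close(next); errno = ELOOP; goto fail; }
        if (!S_ISDIR(st.st_mode)) { close(next); errno = ENOTDIR; goto fail; }
        close(fd);
        fd = next;
    }
    free(copy);
    return fd;
fail:
    { int saved = errno; close(fd); free(copy); errno = saved; }
    return -1;
}

/* readlink() of the rightmost component only, after the symlink-free walk above.
 * Like readlinkat(), the result is not NUL-terminated. */
ssize_t readlink_nofollow(int rootfd, const char *path, char *buf, size_t bufsz)
{
    char *copy = strdup(path);
    if (!copy) return -1;
    const char *dir = ".", *leaf = copy;
    char *slash = strrchr(copy, '/');
    if (slash) { *slash = '\0'; dir = copy; leaf = slash + 1; }
    int dirfd = opendir_nofollow_walk(rootfd, dir);
    if (dirfd < 0) { int saved = errno; free(copy); errno = saved; return -1; }
    ssize_t n = readlinkat(dirfd, leaf, buf, bufsz);
    int saved = errno;
    close(dirfd);
    free(copy);
    errno = saved;
    return n;
}

/* Constructed fixture (example only):
 *   <tmp>/outside/secret   -> "outside-target"   symlink that must stay unreachable
 *   <tmp>/export/real/link -> "target"           symlink we legitimately read
 *   <tmp>/export/escape    -> "../outside"       intermediate symlink leaving the export
 * Returns an fd on <tmp>/export, the simulated 9p export root, or -1. */
int build_fixture(char *tmpl)
{
    if (!mkdtemp(tmpl)) return -1;
    char p[PATH_MAX];
    const char *dirs[] = { "outside", "export", "export/real" };
    for (size_t i = 0; i < 3; i++) {
        snprintf(p, sizeof p, "%s/%s", tmpl, dirs[i]);
        if (mkdir(p, 0700) < 0) return -1;
    }
    snprintf(p, sizeof p, "%s/outside/secret", tmpl);
    if (symlink("outside-target", p) < 0) return -1;
    snprintf(p, sizeof p, "%s/export/real/link", tmpl);
    if (symlink("target", p) < 0) return -1;
    snprintf(p, sizeof p, "%s/export/escape", tmpl);
    if (symlink("../outside", p) < 0) return -1;
    snprintf(p, sizeof p, "%s/export", tmpl);
    return open(p, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

static void remove_fixture(const char *tmpl)
{
    const char *rel[] = { "export/escape", "export/real/link", "export/real", "export",
                          "outside/secret", "outside", "" };
    char p[PATH_MAX];
    for (size_t i = 0; i < sizeof rel / sizeof rel[0]; i++) {
        snprintf(p, sizeof p, "%s/%s", tmpl, rel[i]);
        remove(p);
    }
}

/* Returns 0 when the walked readlink reads the in-export link, refuses the path
 * through the escaping symlink with ELOOP, and plain readlinkat() is shown to
 * follow that same intermediate symlink; otherwise the number of the failing step. */
int run_demo(void)
{
    char tmpl[] = "/tmp/readlink-demo-XXXXXX";
    int rootfd = build_fixture(tmpl);
    if (rootfd < 0) return 1;
    char buf[64];
    int rc = 0;
    ssize_t n = readlink_nofollow(rootfd, "real/link", buf, sizeof buf);
    if (n != 6 || memcmp(buf, "target", 6) != 0) rc = 2;
    n = readlink_nofollow(rootfd, "escape/secret", buf, sizeof buf);
    if (rc == 0 && (n != -1 || errno != ELOOP)) rc = 3;
    n = readlinkat(rootfd, "escape/secret", buf, sizeof buf);
    if (rc == 0 && (n != 14 || memcmp(buf, "outside-target", 14) != 0)) rc = 4;
    close(rootfd);
    remove_fixture(tmpl);
    return rc;
}

int main(void)
{
    int rc = run_demo();
    printf("%s (step %d)\n", rc == 0 ? "behaviour as described" : "unexpected", rc);
    return rc;
}
```

The fstat() on the O_PATH fd, rather than a separate lstat() before the open, is what keeps the check race-free: the object inspected is exactly the one that was opened, so a symlink swapped in between two calls cannot slip through.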
