hw/9pfs/9p-local.c · 3439290f9ed98f837848d5c9bf688a0c8aa8bd27 · openeuler / qemu

9pfs: local: readlink: don't follow symlinks · 3439290f

由 Greg Kurz 提交于 2月 26, 2017

The local_readlink() callback is vulnerable to symlink attacks because it
calls:

(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
    the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
    rightmost one

This patch converts local_readlink() to rely on open_nofollow() to fix (1)
and opendir_nofollow(), readlinkat() to fix (2).

This partly fixes CVE-2016-9602.
Signed-off-by: NGreg Kurz <groug@kaod.org>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit bec1e954)
Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

3439290f

9p-local.c 35.1 KB

openeuler / qemu

Replace 9p-local.c