diff options
| author | Greg Kurz <groug@kaod.org> | 2017-03-06 17:34:01 +0100 |
|---|---|---|
| committer | Greg Kurz <groug@kaod.org> | 2017-03-06 17:34:01 +0100 |
| commit | b003fc0d8aa5e7060dbf7e5862b8013c73857c7f (patch) | |
| tree | 632eff8c91edde80c4a439fff1ade2d7573ace24 /hw/9pfs/9p-local.c | |
| parent | 918112c02aff2bac4cb72dc2feba0cb05305813e (diff) | |
9pfs: fix vulnerability in openat_dir() and local_unlinkat_common()
We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make
QEMU vulnerable.
While here, we also fix local_unlinkat_common() to use openat_dir() for
the same reasons (it was a leftover in the original patchset actually).
This fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Diffstat (limited to 'hw/9pfs/9p-local.c')
| -rw-r--r-- | hw/9pfs/9p-local.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 0ca4c94ee4..45e9a1f9b0 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/9pfs/9p-local.c @@ -960,7 +960,7 @@ static int local_unlinkat_common(FsContext *ctx, int dirfd, const char *name, if (flags == AT_REMOVEDIR) { int fd; - fd = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_PATH); + fd = openat_dir(dirfd, name); if (fd == -1) { goto err_out; } |