This series fixes a guest-triggerable assertion fault (DoS) caused by sending an illegal new name with the legacy Twstat rename handler.
- Patch 1: This is the core fix that prevents the DoS vulnerability. - Patch 2: Additionally rejects "." and ".." as new names with Twstat rename operations (not being a vulnerability though). - Patch 3: Consolidates the name validation logic spread multiple times over multiple request handlers. Christian Schoenebeck (3): hw/9pfs: fix abort due to illegal name with Twstat rename hw/9pfs: reject . and .. in Twstat rename hw/9pfs: consolidate name validation with check_name() hw/9pfs/9p.c | 97 +++++++++++++++++++++++----------------------------- 1 file changed, 42 insertions(+), 55 deletions(-) -- 2.47.3
