On Mon, Feb 20, 2017 at 03:41:56PM +0100, Greg Kurz wrote: > The local_rename() callback is vulnerable to symlink attacks because it > uses rename() which follows symbolic links in all path elements but the > rightmost one. > > This patch simply transforms local_rename() into a wrapper around > local_renameat() which is symlink-attack safe. > > This partly fixes CVE-2016-9602. > > Signed-off-by: Greg Kurz <gr...@kaod.org> > --- > hw/9pfs/9p-local.c | 57 > +++++++++++++++++++++++++--------------------------- > 1 file changed, 27 insertions(+), 30 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>
signature.asc
Description: PGP signature
