On Mon, Feb 20, 2017 at 03:41:49PM +0100, Greg Kurz wrote: > The local_renameat() callback is currently a wrapper around local_rename() > which is vulnerable to symlink attacks. > > This patch rewrites local_renameat() to have its own implementation, based > on local_opendir_nofollow() and renameat(). > > This partly fixes CVE-2016-9602. > > Signed-off-by: Greg Kurz <gr...@kaod.org> > --- > hw/9pfs/9p-local.c | 71 > ++++++++++++++++++++++++++++++++++++++++++++++------ > 1 file changed, 63 insertions(+), 8 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>
signature.asc
Description: PGP signature
