Google Git
Sign in
android-kvm / kvmtool / 9bb99a82ab6939ddeacc27f48018bcd62585ef1b
commit9bb99a82ab6939ddeacc27f48018bcd62585ef1b[log] [tgz]
authorG. Campana <gcampana+kvm@quarkslab.com>Thu Nov 10 16:21:07 2016 +0100
committerWill Deacon <will.deacon@arm.com>Fri Nov 18 17:43:48 2016 +0000
tree0156c727ca42b5b666ffc7c6af06ac69204c2719
parent1cd6f516264ad2ad83fad3dc1264d6ff4bcd17b2 [diff]
kvmtool: 9p: fix path traversal vulnerabilities

A path traversal exists because the guest can send "../" sequences to
the host 9p handlers. To fix this vulnerability, we ensure that path
components sent by the guest don't contain "../" sequences.

Signed-off-by: G. Campana <gcampana+kvm@quarkslab.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
1 file changed
tree: 0156c727ca42b5b666ffc7c6af06ac69204c2719
  1. arm/
  2. config/
  3. disk/
  4. Documentation/
  5. guest/
  6. hw/
  7. include/
  8. mips/
  9. net/
  10. powerpc/
  11. tests/
  12. ui/
  13. util/
  14. virtio/
  15. x86/
  16. .gitignore
  17. builtin-balloon.c
  18. builtin-debug.c
  19. builtin-help.c
  20. builtin-list.c
  21. builtin-pause.c
  22. builtin-resume.c
  23. builtin-run.c
  24. builtin-sandbox.c
  25. builtin-setup.c
  26. builtin-stat.c
  27. builtin-stop.c
  28. builtin-version.c
  29. code16gcc.h
  30. COPYING
  31. CREDITS-Git
  32. devices.c
  33. framebuffer.c
  34. guest_compat.c
  35. INSTALL
  36. ioeventfd.c
  37. ioport.c
  38. irq.c
  39. kvm-cmd.c
  40. kvm-cpu.c
  41. kvm-ipc.c
  42. kvm.c
  43. main.c
  44. Makefile
  45. mmio.c
  46. pci.c
  47. README
  48. symbol.c
  49. term.c