This patch series should fix different vulnerabilities found in virtio 9p (http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some testing. By the way, the very same path traversal vulnerability was also found in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1 and the path traversal fix looks quite similar. G. Campana (7): kvmtool: 9p: fix path traversal vulnerabilities kvmtool: fix sprintf vulnerabilities kvmtool: fix strcpy vulnerabilities kvmtool: check strncpy return value kvmtool: fix rel_to_abs() kvmtool: refactor fixes with get_full_path() kvmtool: 9p: refactor rel_to_abs() virtio/9p.c | 202 ++++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 161 insertions(+), 41 deletions(-) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
