This patch series should fix different vulnerabilities found in virtio 9p (http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some testing. By the way, the very same path traversal vulnerability was also found in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1 and the path traversal fix looks quite similar. v3: * fix an error introduced by v2 v2: * merge some commits * add an explicit commit message to each patch * add a Signed-off-by: line v1: G. Campana (5): kvmtool: 9p: fix path traversal vulnerabilities kvmtool: 9p: fix sprintf vulnerabilities kvmtool: 9p: fix strcpy vulnerabilities kvmtool: 9p: refactor fixes with get_full_path() kvmtool: 9p: fix a buffer overflow in rel_to_abs virtio/9p.c | 199 +++++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 158 insertions(+), 41 deletions(-) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
