[PATCH 0/5] [PATCH v3] kvmtool: fix virtio 9p vulnerabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch series should fix different vulnerabilities found in virtio 9p
(http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some
testing. By the way, the very same path traversal vulnerability was also found
in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1
and the path traversal fix looks quite similar.

v3:
* fix an error introduced by v2

v2:
* merge some commits
* add an explicit commit message to each patch
* add a Signed-off-by: line

v1:


G. Campana (5):
  kvmtool: 9p: fix path traversal vulnerabilities
  kvmtool: 9p: fix sprintf vulnerabilities
  kvmtool: 9p: fix strcpy vulnerabilities
  kvmtool: 9p: refactor fixes with get_full_path()
  kvmtool: 9p: fix a buffer overflow in rel_to_abs

 virtio/9p.c | 199 +++++++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 158 insertions(+), 41 deletions(-)

-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux