|
| From: | Eric Blake |
| Subject: | Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filenames |
| Date: | Fri, 30 Nov 2018 13:58:06 -0600 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 |
On 11/30/18 1:08 PM, Philippe Mathieu-Daudé wrote:
On 30/11/18 12:12, Gerd Hoffmann wrote:Slash is unix directory separator, so they are not allowed in filenames. Note this also stops the classic escape via "../". Fixes: CVE-2018-16867 Reported-by: Michael Hanselmann (hansmi.ch)It's common for scripts to match '<email>', can you write this one as Michael Hanselmann <hansmi.ch>?
That's not an email address, though. Do we have an email for Michael, or just a username?
-- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
| [Prev in Thread] | Current Thread | [Next in Thread] |