[Qemu-devel] [PATCH RFC 25/36] 9pfs: local: symlink: don't follow symlin

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH RFC 25/36] 9pfs: local: symlink: don't follow symlin

From:	Greg Kurz
Subject:	[Qemu-devel] [PATCH RFC 25/36] 9pfs: local: symlink: don't follow symlinks
Date:	Mon, 30 Jan 2017 13:12:48 +0100
User-agent:	StGit/0.17.1-20-gc0b1b-dirty

This fixes CVE-2016-9602 for the "passthrough" security model.

Signed-off-by: Greg Kurz <address@hidden>
---
 hw/9pfs/9p-local.c |   26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 9dfa3e306245..bbc08184564f 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -1100,29 +1100,25 @@ static int local_symlink_passthrough(FsContext *fs_ctx, 
const char *oldpath,
                                      V9fsPath *dir_path, const char *name,
                                      FsCred *credp)
 {
-    int err = -1;
-    int serrno = 0;
-    char *newpath;
-    V9fsString fullname;
-    char *buffer = NULL;
+    int dirfd, err;
 
-    v9fs_string_init(&fullname);
-    v9fs_string_sprintf(&fullname, "%s/%s", dir_path->data, name);
-    newpath = fullname.data;
+    dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+    if (dirfd == -1) {
+        return -1;
+    }
 
-    buffer = rpath(fs_ctx, newpath);
-    err = symlink(oldpath, buffer);
+    err = symlinkat(oldpath, dirfd, name);
     if (err) {
         goto out;
     }
-    err = lchown(buffer, credp->fc_uid, credp->fc_gid);
+    err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid,
+                   AT_SYMLINK_NOFOLLOW);
     if (err == -1) {
         /*
          * If we fail to change ownership and if we are
          * using security model none. Ignore the error
          */
         if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
-            serrno = errno;
             goto err_end;
         } else {
             err = 0;
@@ -1131,11 +1127,9 @@ static int local_symlink_passthrough(FsContext *fs_ctx, 
const char *oldpath,
     goto out;
 
 err_end:
-    remove(buffer);
-    errno = serrno;
+    unlinkat_preserve_errno(dirfd, name, 0);
 out:
-    g_free(buffer);
-    v9fs_string_free(&fullname);
+    close_preserve_errno(dirfd);
     return err;
 }

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH RFC 15/36] 9pfs: remove side-effects in local_open() and local_opendir(), (continued)
- [Qemu-devel] [PATCH RFC 15/36] 9pfs: remove side-effects in local_open() and local_opendir(), Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 16/36] 9pfs: introduce openat_nofollow() helper, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 17/36] 9pfs: local: keep a file descriptor on the shared folder, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 18/36] 9pfs: local: open/opendir: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 19/36] 9pfs: local: utimensat: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 20/36] 9pfs: local: readlink: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 21/36] 9pfs: local: truncate: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 22/36] 9pfs: local: statfs: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 23/36] 9pfs: local: mknod/mkdir/open2: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 24/36] 9pfs: local: chmod: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 25/36] 9pfs: local: symlink: don't follow symlinks, Greg Kurz <=
- [Qemu-devel] [PATCH RFC 26/36] 9pfs: local: chown: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 27/36] 9pfs: local: link: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 28/36] 9pfs: local: rename: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 29/36] 9pfs: local: remove: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 30/36] 9pfs: local: unlinkat: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 32/36] 9pfs: local: lstat: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 33/36] 9pfs: local: lgetxattr: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 35/36] 9pfs: local: lsetxattr: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 36/36] 9pfs: local: lremovexattr: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 34/36] 9pfs: local: llistxattr: don't follow symlinks, Greg Kurz, 2017/01/30

Prev by Date: [Qemu-devel] [PATCH RFC 24/36] 9pfs: local: chmod: don't follow symlinks
Next by Date: [Qemu-devel] [PATCH RFC 26/36] 9pfs: local: chown: don't follow symlinks
Previous by thread: [Qemu-devel] [PATCH RFC 24/36] 9pfs: local: chmod: don't follow symlinks
Next by thread: [Qemu-devel] [PATCH RFC 26/36] 9pfs: local: chown: don't follow symlinks
Index(es):
- Date
- Thread