[Qemu-devel] [PATCH RFC 27/36] 9pfs: local: link: don't follow symlinks

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH RFC 27/36] 9pfs: local: link: don't follow symlinks

From:	Greg Kurz
Subject:	[Qemu-devel] [PATCH RFC 27/36] 9pfs: local: link: don't follow symlinks
Date:	Mon, 30 Jan 2017 13:13:03 +0100
User-agent:	StGit/0.17.1-20-gc0b1b-dirty

This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models.

Signed-off-by: Greg Kurz <address@hidden>
---
 hw/9pfs/9p-local.c |   40 ++++++++++++++++++++++------------------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 5e320917c484..de860db3d70b 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -1181,21 +1181,23 @@ out:
 static int local_link(FsContext *ctx, V9fsPath *oldpath,
                       V9fsPath *dirpath, const char *name)
 {
-    int ret;
-    V9fsString newpath;
-    char *buffer, *buffer1;
-    int serrno;
-
-    v9fs_string_init(&newpath);
-    v9fs_string_sprintf(&newpath, "%s/%s", dirpath->data, name);
+    char *odirpath = local_dirname(oldpath->data);
+    char *oname = local_basename(oldpath->data);
+    int ret = -1;
+    int odirfd, ndirfd;
 
-    buffer = rpath(ctx, oldpath->data);
-    buffer1 = rpath(ctx, newpath.data);
-    ret = link(buffer, buffer1);
-    g_free(buffer);
-    if (ret < 0) {
+    odirfd = local_opendir_nofollow(ctx, odirpath);
+    if (odirfd == -1) {
         goto out;
     }
+    ndirfd = local_opendir_nofollow(ctx, dirpath->data);
+    if (ndirfd == -1) {
+        goto out_close_odirfd;
+    }
+    ret = linkat(odirfd, oname, ndirfd, name, AT_SYMLINK_FOLLOW);
+    if (ret < 0) {
+        goto out_close_ndirfd;
+    }
 
     /* now link the virtfs_metadata files */
     if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
@@ -1204,15 +1206,17 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
             goto err_out;
         }
     }
-    goto out;
+    goto out_close_ndirfd;
 
 err_out:
-    serrno = errno;
-    remove(buffer1);
-    errno = serrno;
+    unlinkat_preserve_errno(ndirfd, name, 0);
+out_close_ndirfd:
+    close_preserve_errno(ndirfd);
+out_close_odirfd:
+    close_preserve_errno(odirfd);
 out:
-    g_free(buffer1);
-    v9fs_string_free(&newpath);
+    g_free(oname);
+    g_free(odirpath);
     return ret;
 }

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH RFC 17/36] 9pfs: local: keep a file descriptor on the shared folder, (continued)
- [Qemu-devel] [PATCH RFC 17/36] 9pfs: local: keep a file descriptor on the shared folder, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 18/36] 9pfs: local: open/opendir: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 19/36] 9pfs: local: utimensat: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 20/36] 9pfs: local: readlink: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 21/36] 9pfs: local: truncate: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 22/36] 9pfs: local: statfs: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 23/36] 9pfs: local: mknod/mkdir/open2: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 24/36] 9pfs: local: chmod: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 25/36] 9pfs: local: symlink: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 26/36] 9pfs: local: chown: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 27/36] 9pfs: local: link: don't follow symlinks, Greg Kurz <=
- [Qemu-devel] [PATCH RFC 28/36] 9pfs: local: rename: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 29/36] 9pfs: local: remove: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 30/36] 9pfs: local: unlinkat: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 32/36] 9pfs: local: lstat: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 33/36] 9pfs: local: lgetxattr: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 35/36] 9pfs: local: lsetxattr: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 36/36] 9pfs: local: lremovexattr: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 34/36] 9pfs: local: llistxattr: don't follow symlinks, Greg Kurz, 2017/01/30
- [Qemu-devel] [PATCH RFC 31/36] 9pfs: local: introduce symlink-attack safe xattr helpers, Greg Kurz, 2017/01/30

Prev by Date: [Qemu-devel] [PATCH RFC 26/36] 9pfs: local: chown: don't follow symlinks
Next by Date: [Qemu-devel] [PATCH RFC 28/36] 9pfs: local: rename: don't follow symlinks
Previous by thread: [Qemu-devel] [PATCH RFC 26/36] 9pfs: local: chown: don't follow symlinks
Next by thread: [Qemu-devel] [PATCH RFC 28/36] 9pfs: local: rename: don't follow symlinks
Index(es):
- Date
- Thread