Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filename

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filename

From:	Philippe Mathieu-Daudé
Subject:	Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filenames
Date:	Sat, 1 Dec 2018 12:55:33 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0

On 30/11/18 20:58, Eric Blake wrote:
> On 11/30/18 1:08 PM, Philippe Mathieu-Daudé wrote:
>> On 30/11/18 12:12, Gerd Hoffmann wrote:
>>> Slash is unix directory separator, so they are not allowed in filenames.
>>> Note this also stops the classic escape via "../".
>>>
>>> Fixes: CVE-2018-16867
>>> Reported-by: Michael Hanselmann (hansmi.ch)
>>
>> It's common for scripts to match '<email>', can you write this one as
>> Michael Hanselmann <hansmi.ch>?
> 
> That's not an email address, though. Do we have an email for Michael, or
> just a username?
> 

I did not notice hehe :)

Per the gpg key: Michael Hanselmann <address@hidden>
Per git commits: Michael Hanselmann <address@hidden>

Cc'ed him so he can decide/confirm.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filenames, Philippe Mathieu-Daudé <=
- Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filenames, Michael Hanselmann, 2018/12/01

Prev by Date: Re: [Qemu-devel] [PATCH 05/10] hw/i386/pc.c: Don't use load_image()
Next by Date: Re: [Qemu-devel] [PATCH v3 15/16] hw/i2c/smbus_eeprom: Create at most SMBUS_EEPROM_MAX EEPROMs on a SMBus
Previous by thread: Re: [Qemu-devel] [PATCH 05/10] hw/i386/pc.c: Don't use load_image()
Next by thread: Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filenames
Index(es):
- Date
- Thread