[PATCH 13/25] virtiofsd: prevent ".." escape in lo_do_lookup()

Dr. David Alan Gilbert (git) posted 25 patches 6 years, 3 months ago
Posted by Dr. David Alan Gilbert (git) 6 years, 3 months ago
From: Stefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 contrib/virtiofsd/passthrough_ll.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/contrib/virtiofsd/passthrough_ll.c b/contrib/virtiofsd/passthrough_ll.c
index 702fedc38a..7a61bf94fe 100644
--- a/contrib/virtiofsd/passthrough_ll.c
+++ b/contrib/virtiofsd/passthrough_ll.c
@@ -606,12 +606,17 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name,
 	int res;
 	int saverr;
 	struct lo_data *lo = lo_data(req);
-	struct lo_inode *inode;
+	struct lo_inode *inode, *dir = lo_inode(req, parent);
 
 	memset(e, 0, sizeof(*e));
 	e->attr_timeout = lo->timeout;
 	e->entry_timeout = lo->timeout;
 
+	/* Do not allow escaping root directory */
+	if (dir == &lo->root && strcmp(name, "..") == 0) {
+		name = ".";
+	}
+
 	newfd = openat(lo_fd(req, parent), name, O_PATH | O_NOFOLLOW);
 	if (newfd == -1)
 		goto out_err;
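Review bot: the new check `dir == &lo->root && strcmp(name, "..") == 0` only catches the exact string ".." when the parent is the root inode. Any other name is still handed to `openat()` unchanged, so a name that contains a '/' (and so embeds ".." as one of several components) is not covered, and O_NOFOLLOW only constrains the final component. FUSE lookup names are meant to be single path components, but nothing in this hunk enforces that. Consider rejecting any name containing '/' with EINVAL before the `openat()` call, so the ".." test sees everything that can walk upward. Separately, `dir` is only ever compared against `&lo->root` while `lo_fd(req, parent)` resolves the parent a second time. A short comment saying that a NULL `dir` is harmless here, or reusing `dir` for the fd, would make the intent clearer. The commit message has no body: a sentence on why ".." is mapped to "." rather than failing the lookup would help later readers.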
-- 
2.23.0