9pfs: fix illegal names with Twstat rename

[PATCH 0/3] 9pfs: fix illegal names with Twstat rename

Christian Schoenebeck posted 3 patches 1 day ago

Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/cover.1780072238.git.qemu._5Foss@crudebyte.com

Maintainers: Christian Schoenebeck <qemu_oss@crudebyte.com>, Greg Kurz <groug@kaod.org>

hw/9pfs/9p.c | 97 +++++++++++++++++++++++-----------------------------
1 file changed, 42 insertions(+), 55 deletions(-)

Expand all Fold all

[PATCH 0/3] 9pfs: fix illegal names with Twstat rename

Posted by Christian Schoenebeck 1 day ago

This series fixes a guest-triggerable assertion fault (DoS) caused by
sending an illegal new name with the legacy Twstat rename handler.

 - Patch 1: This is the core fix that prevents the DoS vulnerability.

 - Patch 2: Additionally rejects "." and ".." as new names with Twstat
   rename operations (not being a vulnerability though).

 - Patch 3: Consolidates the name validation logic spread multiple
   times over multiple request handlers.

Christian Schoenebeck (3):
  hw/9pfs: fix abort due to illegal name with Twstat rename
  hw/9pfs: reject . and .. in Twstat rename
  hw/9pfs: consolidate name validation with check_name()

 hw/9pfs/9p.c | 97 +++++++++++++++++++++++-----------------------------
 1 file changed, 42 insertions(+), 55 deletions(-)

-- 
2.47.3