qemu/9pfs at 5b3c77aa581ebb215125c84b0742119483571e55 - qemu - SynapseOS git

mirrors/qemu

History

Greg Kurz 5b3c77aa58 9p: take write lock on fid path updates (CVE-2018-19364)

Recent commit 5b76ef50f62079a fixed a race where v9fs_co_open2() could
possibly overwrite a fid path with v9fs_path_copy() while it is being
accessed by some other thread, ie, use-after-free that can be detected
by ASAN with a custom 9p client.

It turns out that the same can happen at several locations where
v9fs_path_copy() is used to set the fid path. The fix is again to
take the write lock.

Fixes CVE-2018-19364.

Cc: P J P <ppandit@redhat.com>
Reported-by: zhibin hu <noirfate@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Greg Kurz <groug@kaod.org>

2018-11-20 13:00:35 +01:00

..

9p-handle.c

9pfs: Fix CLI parsing crash on error

2018-10-19 14:51:34 +02:00

9p-local.c

error: Fix use of error_prepend() with &error_fatal, &error_abort

2018-10-19 14:51:34 +02:00

9p-local.h

9pfs: local: open/opendir: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-posix-acl.c

9pfs: local: lremovexattr: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-proxy.c

9p: proxy: Fix size passed to connect

2018-06-07 12:17:21 +02:00

9p-proxy.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

9p-synth.c

9p: fix leak in synth_name_to_path()

2018-02-19 18:27:32 +01:00

9p-synth.h

tests: virtio-9p: add FLUSH operation test

2018-02-02 11:11:55 +01:00

9p-util.c

9p: Move a couple xattr functions to 9p-util

2018-06-07 12:17:22 +02:00

9p-util.h

9p: Move a couple xattr functions to 9p-util

2018-06-07 12:17:22 +02:00

9p-xattr-user.c

9pfs: local: lremovexattr: don't follow symlinks

2017-02-28 11:21:15 +01:00

9p-xattr.c

9p: Move a couple xattr functions to 9p-util

2018-06-07 12:17:22 +02:00

9p-xattr.h

9pfs: fix XattrOperations typedef

2018-01-08 11:18:22 +01:00

9p.c

9p: take write lock on fid path updates (CVE-2018-19364)

2018-11-20 13:00:35 +01:00

9p.h

9p: xattr: Properly translate xattrcreate flags

2018-06-07 12:17:22 +02:00

codir.c

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

cofile.c

9p: write lock path in v9fs_co_open2()

2018-11-08 21:19:05 +01:00

cofs.c

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

coth.c

coroutine: move entry argument to qemu_coroutine_create

2016-07-13 13:26:02 +02:00

coth.h

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

coxattr.c

9pfs: use coroutine_fn annotation in hw/9pfs/co*.[ch]

2016-10-17 14:13:58 +02:00

Makefile.objs

hw: make virtio devices configurable via default-configs/

2018-06-01 15:14:31 +02:00

trace-events

9p: add trace event for v9fs_setattr()

2018-05-02 08:59:24 +02:00

virtio-9p-device.c

9pfs: drop v9fs_register_transport()

2018-02-01 21:21:27 +01:00

virtio-9p.h

9pfs: introduce transport specific callbacks

2017-01-03 17:28:44 +01:00

xen-9p-backend.c

fsdev: Clean up error reporting in qemu_fsdev_add()

2018-10-19 14:51:34 +02:00

xen-9pfs.h

xen/9pfs: introduce Xen 9pfs backend

2017-04-25 11:04:28 -07:00