* [PATCH 0/7] kvmtool: fix virtio 9p vulnerabilities
From: G. Campana @ 2016-10-18 16:02 UTC (permalink / raw)
To: Will.Deacon; +Cc: kvm, andre.przywara, G. Campana
This patch series should fix different vulnerabilities found in virtio 9p
(http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some
testing. By the way, the very same path traversal vulnerability was also found
in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1
and the path traversal fix looks quite similar.

G. Campana (7):
  kvmtool: 9p: fix path traversal vulnerabilities
  kvmtool: fix sprintf vulnerabilities
  kvmtool: fix strcpy vulnerabilities
  kvmtool: check strncpy return value
  kvmtool: fix rel_to_abs()
  kvmtool: refactor fixes with get_full_path()
  kvmtool: 9p: refactor rel_to_abs()

 virtio/9p.c | 202 ++++++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 161 insertions(+), 41 deletions(-)

--
2.7.4
* Re: [PATCH 0/7] kvmtool: fix virtio 9p vulnerabilities
From: Will Deacon @ 2016-11-08 2:39 UTC (permalink / raw)
To: G. Campana; +Cc: kvm, andre.przywara
On Tue, Oct 18, 2016 at 06:02:31PM +0200, G. Campana wrote:
> This patch series should fix different vulnerabilities found in virtio 9p
> (http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some
> testing. By the way, the very same path traversal vulnerability was also found
> in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1
> and the path traversal fix looks quite similar.
I had a quick look through these and they're mostly ok, modulo the comments
I've made. When you send v2, please write a commit message for each patch,
as I can't merge them without that. You also need to add your Signed-off-by
to each one.
Thanks,
Will
* Re: [PATCH 0/7] kvmtool: fix virtio 9p vulnerabilities
From: G. Campana @ 2016-11-10 15:26 UTC (permalink / raw)
To: Will Deacon; +Cc: kvm, andre.przywara
On 08/11/2016 03:39, Will Deacon wrote:
> On Tue, Oct 18, 2016 at 06:02:31PM +0200, G. Campana wrote:
>> This patch series should fix different vulnerabilities found in virtio 9p
>> (http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some
>> testing. By the way, the very same path traversal vulnerability was also found
>> in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1
>> and the path traversal fix looks quite similar.
>
> I had a quick look through these and they're mostly ok, modulo the comments
> I've made. When you send v2, please write a commit message for each patch,
> as I can't merge them without that. You also need to add your Signed-off-by
> to each one.
>
> Thanks,
>
> Will
>
Thanks for the review! I tried to answer all the comments in this second
version.
Gabriel