9pfs: fix vulnerability in openat_dir() and local_unlinkat_common()

We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make
QEMU vulnerable.

While here, we also fix local_unlinkat_common() to use openat_dir() for
the same reasons (it was a leftover in the original patchset actually).

This fixes CVE-2016-9602.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 0ca4c94..45e9a1f 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -960,7 +960,7 @@
if (flags == AT_REMOVEDIR) {
int fd;
- fd = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_PATH);
+ fd = openat_dir(dirfd, name);
if (fd == -1) {
goto err_out;
}
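Review bot: at `fd = openat_dir(dirfd, name);` the symlink protection now rests entirely on openat_dir() passing O_NOFOLLOW, and the openat_dir() side of the fix named in the subject line is not among the visible hunks, so it cannot be confirmed from this diff. The removed call also passed O_PATH explicitly; please confirm that whatever flags openat_dir() uses still suit the code that consumes `fd` in the AT_REMOVEDIR branch, which lies outside the lines shown. Since the commit message describes the raw openat() as a leftover from the original patchset, a one-line comment at this call site stating that directory opens must go through openat_dir() would help keep a direct openat() from being reintroduced.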