summaryrefslogtreecommitdiffstats
path: root/tools/virtiofsd/fuse_virtio.c
diff options
context:
space:
mode:
authorStefan Hajnoczi2019-02-26 18:58:59 +0100
committerDr. David Alan Gilbert2020-01-23 17:41:36 +0100
commit25dae28c58d7e706b5d5db99042c9db3cef2e657 (patch)
tree7e5cfc815d3541e43703e8af81e23e3015edce63 /tools/virtiofsd/fuse_virtio.c
parentvirtiofsd: passthrough_ll: add fallback for racy ops (diff)
downloadqemu-25dae28c58d7e706b5d5db99042c9db3cef2e657.tar.gz
qemu-25dae28c58d7e706b5d5db99042c9db3cef2e657.tar.xz
qemu-25dae28c58d7e706b5d5db99042c9db3cef2e657.zip
virtiofsd: validate path components
Several FUSE requests contain single path components. A correct FUSE client sends well-formed path components but there is currently no input validation in case something went wrong or the client is malicious. Refuse ".", "..", and paths containing '/' when we expect a path component. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Diffstat (limited to 'tools/virtiofsd/fuse_virtio.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-05-01 06:47:50 +0200