QEMU

CVE-2017-7471 repeated?

Bug #1736376 reported by Rooney on 2017-12-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	Invalid	Undecided	Unassigned

Bug Description

In the hw/9pfs/9p-proxy.c file I can see the following which is changed because of CVE-2017-7471 in the hw/9pfs/9p-local.c. I might be wrong but I guess that should be changed as well.

if(dir_path){
v9fs_path_sprintf(target,"%s/%s",dir_path->data,name);
}
else{
v9fs_path_sprintf(target,"%s",name);
}

CVE References

2017-7471

Revision history for this message

Greg Kurz (gkurz) wrote on 2017-12-05:

When using the proxy backend, all accesses to the host filesystem are handled by an external process running in a chroot() jail. No need to bother about paths in this case.

CVE-2017-7471 is only applicable to the local backend, because accesses are handled by QEMU directly in this case.

Changed in qemu:
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.