summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/qemu-CVE-2020-7211.patch
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2020-01-20 11:34:01 -0500
committerLeo Famulari <leo@famulari.name>2020-01-24 21:09:28 -0500
commitf528df99f1e99fa32f7cc6d291262192234ec758 (patch)
tree90d646e58c5648957c01cf9513ed55e3ae636442 /gnu/packages/patches/qemu-CVE-2020-7211.patch
parent0ef7e44439c6e1b87bea5cdc39f1fa07e62edba4 (diff)
gnu: QEMU: Fix CVE-2020-{7039,7211}.
* gnu/packages/patches/qemu-CVE-2020-7039.patch, gnu/packages/patches/qemu-CVE-2020-7211.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/virtualization.scm (qemu)[source]: Use them.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2020-7211.patch')
-rw-r--r--gnu/packages/patches/qemu-CVE-2020-7211.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2020-7211.patch b/gnu/packages/patches/qemu-CVE-2020-7211.patch
new file mode 100644
index 0000000000..2885dda411
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2020-7211.patch
@@ -0,0 +1,49 @@
+Fix CVE-2020-7211:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7211
+
+Patch copied from upstream dependency repository:
+
+https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
+
+From 14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 13 Jan 2020 17:44:31 +0530
+Subject: [PATCH] slirp: tftp: restrict relative path access
+
+tftp restricts relative or directory path access on Linux systems.
+Apply same restrictions on Windows systems too. It helps to avoid
+directory traversal issue.
+
+Fixes: https://bugs.launchpad.net/qemu/+bug/1812451
+Reported-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Message-Id: <20200113121431.156708-1-ppandit@redhat.com>
+---
+ src/tftp.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/tftp.c b/src/tftp.c
+index 093c2e0..e52e71b 100644
+--- a/slirp/src/tftp.c
++++ b/slirp/src/tftp.c
+@@ -344,8 +344,13 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas,
+ k += 6; /* skipping octet */
+
+ /* do sanity checks on the filename */
+- if (!strncmp(req_fname, "../", 3) ||
+- req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) {
++ if (
++#ifdef G_OS_WIN32
++ strstr(req_fname, "..\\") ||
++ req_fname[strlen(req_fname) - 1] == '\\' ||
++#endif
++ strstr(req_fname, "../") ||
++ req_fname[strlen(req_fname) - 1] == '/') {
+ tftp_send_error(spt, 2, "Access violation", tp);
+ return;
+ }
+--
+2.24.1
+