[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3] 9pfs: prevent opening special files (CVE-2023-2861)
From: |
Michael Tokarev |
Subject: |
Re: [PATCH v3] 9pfs: prevent opening special files (CVE-2023-2861) |
Date: |
Wed, 7 Jun 2023 18:34:05 +0300 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 |
07.06.2023 17:50, Greg Kurz wrote:
On Wed, 7 Jun 2023 15:50:01 +0200
..
+static inline int check_is_regular_file_or_dir(int fd)
+{
+ struct stat stbuf;
+
+ if (qemu_fstat(fd, &stbuf) < 0) {
+ close_preserve_errno(fd);
Maybe worth to mention somewhere that this function not only
checks but also closes the fd if it doesn't point to a regular
file or directory. Or maybe change the name, e.g.
filter_out_special_files() ?
I realized this after sent initial comment, - my suggestion for
the name was awful. It is either check_is_regular() and close
after it failed, or it is ensure_regular_or_close().. But I
didn't sent a correction, hoping it's easy to spot the awful
suggestion.. :)
I don't like it when such a simple thing, especially when
reviewed without good care like in my case, generates so
much ping-pong.. :(
Anyway the fix is fine enough to address the CVE.
Yeah.
/mjt