projects
/
platform
/
upstream
/
multipath-tools.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
3b3a6d9
)
do not allow relative path names to be added to the pathvec
author
Mike Snitzer
<snitzer@redhat.com>
Wed, 29 Apr 2009 19:25:09 +0000
(15:25 -0400)
committer
Mike Snitzer
<snitzer@redhat.com>
Wed, 29 Apr 2009 19:25:09 +0000
(15:25 -0400)
CVE-2009-0115 taught us that such paths should not be tolerated
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
multipathd/main.c
patch
|
blob
|
history
diff --git
a/multipathd/main.c
b/multipathd/main.c
index
f2848fb
..
c7ef4df
100644
(file)
--- a/
multipathd/main.c
+++ b/
multipathd/main.c
@@
-353,6
+353,14
@@
ev_add_path (char * devname, struct vectors * vecs)
struct path * pp;
char empty_buff[WWID_SIZE] = {0};
+ if (strstr(devname, "..") != NULL) {
+ /*
+ * Don't allow relative device names in the pathvec
+ */
+ condlog(0, "%s: path name is invalid", devname);
+ return 1;
+ }
+
pp = find_path_by_dev(vecs->pathvec, devname);
if (pp) {