projects / platform / upstream / multipath-tools.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3b3a6d9)
do not allow relative path names to be added to the pathvec
authorMike Snitzer <snitzer@redhat.com>
Wed, 29 Apr 2009 19:25:09 +0000 (15:25 -0400)
committerMike Snitzer <snitzer@redhat.com>
Wed, 29 Apr 2009 19:25:09 +0000 (15:25 -0400)
CVE-2009-0115 taught us that such paths should not be tolerated

Signed-off-by: Mike Snitzer <snitzer@redhat.com>
multipathd/main.c patch | blob | history

diff --git a/multipathd/main.c b/multipathd/main.c
index f2848fb..c7ef4df 100644 (file)
--- a/multipathd/main.c
+++ b/multipathd/main.c
@@ -353,6 +353,14 @@ ev_add_path (char * devname, struct vectors * vecs)
        struct path * pp;
        char empty_buff[WWID_SIZE] = {0};
 
+       if (strstr(devname, "..") != NULL) {
+               /*
+                * Don't allow relative device names in the pathvec
+                */
+               condlog(0, "%s: path name is invalid", devname);
+               return 1;
+       }
+
        pp = find_path_by_dev(vecs->pathvec, devname);
 
        if (pp) {
Domain: System / Base;