File CVE-2020-7211-qemut-slirp-potential-directory-t... of Package xen.17654

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2020-7211-qemut-slirp-potential-directory-traversal-using-relative-paths.patch of Package xen.17654

tftp restricts relative or directory path access on Linux systems.
Apply same restrictions on Windows systems too. It helps to avoid
directory traversal issue.

Fixes: https://bugs.launchpad.net/qemu/+bug/1812451Reported-by: default avatarPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Samuel Thibault's avatarSamuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20200113121431.156708-1-ppandit@redhat.com>

Index: xen-4.7.6-testing/tools/qemu-xen-traditional-dir-remote/slirp/tftp.c
===================================================================
--- xen-4.7.6-testing.orig/tools/qemu-xen-traditional-dir-remote/slirp/tftp.c
+++ xen-4.7.6-testing/tools/qemu-xen-traditional-dir-remote/slirp/tftp.c
@@ -326,9 +326,13 @@ static void tftp_handle_rrq(struct tftp_
 
   /* do sanity checks on the filename */
 
-  if ((spt->filename[0] != '/')
-      || (spt->filename[strlen((char *)spt->filename) - 1] == '/')
-      ||  strstr((char *)spt->filename, "/../")) {
+  if (
+#ifdef _WIN32
+      strstr(spt->filename, "..\\") ||
+      spt->filename[strlen(spt->filename) - 1] == '\\' ||
+#endif
+      strstr(spt->filename, "../") ||
+      spt->filename[strlen(spt->filename) - 1] == '/') {
       tftp_send_error(spt, 2, "Access violation", tp);
       return;
   }

Places

File CVE-2020-7211-qemut-slirp-potential-directory-traversal-using-relative-paths.patch of Package xen.17654

Places