From mboxrd@z Thu Jan  1 00:00:00 1970
From: "G. Campana" <gcampana+kvm@quarkslab.com>
Subject: [PATCH 0/5] [PATCH v2] kvmtool: fix virtio 9p vulnerabilities
Date: Thu, 10 Nov 2016 16:21:06 +0100
Message-ID: <1478791271-7558-1-git-send-email-gcampana+kvm@quarkslab.com>
Cc: kvm@vger.kernel.org, andre.przywara@arm.com,
        gcampana+kvm@quarkslab.com
To: Will.Deacon@arm.com
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail.quarkslab.com ([195.154.215.101]:51337 "EHLO
        mail.quarkslab.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933297AbcKJPVt (ORCPT <rfc822;kvm@vger.kernel.org>);
        Thu, 10 Nov 2016 10:21:49 -0500
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

This patch series should fix different vulnerabilities found in virtio 9p
(http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some
testing. By the way, the very same path traversal vulnerability was also found
in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1
and the path traversal fix looks quite similar.

v2:
* merge some commits
* add an explicit commit message to each patch
* add a Signed-off-by: line

v1:


G. Campana (5):
  kvmtool: 9p: fix path traversal vulnerabilities
  kvmtool: 9p: fix sprintf vulnerabilities
  kvmtool: 9p: fix strcpy vulnerabilities
  kvmtool: 9p: refactor fixes with get_full_path()
  kvmtool: 9p: fix a buffer overflow in rel_to_abs

 virtio/9p.c | 199 +++++++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 158 insertions(+), 41 deletions(-)

-- 
2.7.4