authorRoman Bogorodskiy <novel@FreeBSD.org>2015-12-20 02:12:38 +0000
committerRoman Bogorodskiy <novel@FreeBSD.org>2015-12-20 02:12:38 +0000
commit6162a8e771606eb8d5faa6fed0404b31ece1b58d (patch)
tree099a1b8ac57a61b6f515bfe3cdd25e1d1a6ad0a6
parentdb4da5493c830745cc51fdceb84ef5572f34fc15 (diff)
downloadports-6162a8e771606eb8d5faa6fed0404b31ece1b58d.tar.gz
ports-6162a8e771606eb8d5faa6fed0404b31ece1b58d.zip
devel/libvirt: fix CVE-2015-5313
Approved by: ports-secteam (delphij)
Notes
Notes: svn path=/branches/2015Q4/; revision=404038
-rw-r--r--devel/libvirt/Makefile2
-rw-r--r--devel/libvirt/files/patch-CVE-2015-531326
2 files changed, 27 insertions, 1 deletions
diff --git a/devel/libvirt/Makefile b/devel/libvirt/Makefile
index b553261e462a..b1acddf093e8 100644
--- a/devel/libvirt/Makefile
+++ b/devel/libvirt/Makefile
@@ -3,7 +3,7 @@
PORTNAME= libvirt
PORTVERSION= 1.2.19
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= devel
MASTER_SITES= http://libvirt.org/sources/ \
ftp://libvirt.org/libvirt/
diff --git a/devel/libvirt/files/patch-CVE-2015-5313 b/devel/libvirt/files/patch-CVE-2015-5313
new file mode 100644
index 000000000000..ad1037cddffa
--- /dev/null
+++ b/devel/libvirt/files/patch-CVE-2015-5313
@@ -0,0 +1,26 @@
+--- src/storage/storage_backend_fs.c
++++ src/storage/storage_backend_fs.c
+@@ -1,7 +1,7 @@
+ /*
+ * storage_backend_fs.c: storage backend for FS and directory handling
+ *
+- * Copyright (C) 2007-2014 Red Hat, Inc.
++ * Copyright (C) 2007-2015 Red Hat, Inc.
+ * Copyright (C) 2007-2008 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+@@ -1057,6 +1057,14 @@ virStorageBackendFileSystemVolCreate(virConnectPtr conn ATTRIBUTE_UNUSED,
+ else
+ vol->type = VIR_STORAGE_VOL_FILE;
+
++ /* Volumes within a directory pools are not recursive; do not
++ * allow escape to ../ or a subdir */
++ if (strchr(vol->name, '/')) {
++ virReportError(VIR_ERR_OPERATION_INVALID,
++ _("volume name '%s' cannot contain '/'"), vol->name);
++ return -1;
++ }
++
+ VIR_FREE(vol->target.path);
+ if (virAsprintf(&vol->target.path, "%s/%s",
+ pool->def->target.path,
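Review bot: The added guard at `if (strchr(vol->name, '/'))` rejects only names with an embedded slash, so the bare names `.` and `..` would still reach the `virAsprintf(&vol->target.path, "%s/%s", ...)` below and resolve to the pool directory itself or its parent. Unless an earlier check in the call chain already rejects those names (not visible here), the condition should be widened to `if (strchr(vol->name, '/') || STREQ(vol->name, ".") || STREQ(vol->name, ".."))`, with the error text adjusted to say the name must be a plain file name. The enclosing virStorageBackendFileSystemVolCreate starts before and ends after the hunk, so the remaining uses of vol->target.path are not reviewed here.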