-rw-r--r-- | devel/libvirt/Makefile | 2 | ||||
-rw-r--r-- | devel/libvirt/files/patch-CVE-2015-5313 | 26 |
2 files changed, 27 insertions, 1 deletions
diff --git a/devel/libvirt/Makefile b/devel/libvirt/Makefile
index b553261e462a..b1acddf093e8 100644
--- a/devel/libvirt/Makefile
+++ b/devel/libvirt/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= libvirt
 PORTVERSION= 1.2.19
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= devel
 MASTER_SITES= http://libvirt.org/sources/ \
 ftp://libvirt.org/libvirt/
diff --git a/devel/libvirt/files/patch-CVE-2015-5313 b/devel/libvirt/files/patch-CVE-2015-5313
new file mode 100644
index 000000000000..ad1037cddffa
--- /dev/null
+++ b/devel/libvirt/files/patch-CVE-2015-5313
@@ -0,0 +1,26 @@
+--- src/storage/storage_backend_fs.c
++++ src/storage/storage_backend_fs.c
+@@ -1,7 +1,7 @@
+ /*
+ * storage_backend_fs.c: storage backend for FS and directory handling
+ *
+- * Copyright (C) 2007-2014 Red Hat, Inc.
++ * Copyright (C) 2007-2015 Red Hat, Inc.
+ * Copyright (C) 2007-2008 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+@@ -1057,6 +1057,14 @@ virStorageBackendFileSystemVolCreate(virConnectPtr conn ATTRIBUTE_UNUSED,
+ else
+ vol->type = VIR_STORAGE_VOL_FILE;
+
++ /* Volumes within a directory pools are not recursive; do not
++ * allow escape to ../ or a subdir */
++ if (strchr(vol->name, '/')) {
++ virReportError(VIR_ERR_OPERATION_INVALID,
++ _("volume name '%s' cannot contain '/'"), vol->name);
++ return -1;
++ }
++
+ VIR_FREE(vol->target.path);
+ if (virAsprintf(&vol->target.path, "%s/%s",
+ pool->def->target.path, |
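Review bot: The added guard in virStorageBackendFileSystemVolCreate rejects only names that contain '/', so an empty name or the bare names `.` and `..` still flow into the `virAsprintf(&vol->target.path, "%s/%s", ...)` call below it and would name the pool directory itself or its parent. Whether the later create step refuses those paths cannot be seen here, because the function body starts before and continues past the hunk. If nothing downstream guarantees it, the condition could be widened to `if (strchr(vol->name, '/') || !*vol->name || strcmp(vol->name, ".") == 0 || strcmp(vol->name, "..") == 0) {`, with the error message reworded to match. Since this is a local port patch, any such change is better raised upstream than carried only here.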