On 01.12.18 12:55, Philippe Mathieu-Daudé wrote:
> On 30/11/18 20:58, Eric Blake wrote:
>> On 11/30/18 1:08 PM, Philippe Mathieu-Daudé wrote:
>>> On 30/11/18 12:12, Gerd Hoffmann wrote:
Slash is unix directory separator, so they are not allowed in filenames.
Note this also stops the class

On 30/11/18 20:58, Eric Blake wrote:
> On 11/30/18 1:08 PM, Philippe Mathieu-Daudé wrote:
>> On 30/11/18 12:12, Gerd Hoffmann wrote:
>>> Slash is unix directory separator, so they are not allowed in filenames.
>>> Note this also stops the classic escape via "../".
>>>
>>> Fixes: CVE-2018-16867
>>>

Gerd Hoffmann writes:
> Slash is unix directory separator, so they are not allowed in filenames.
> Note this also stops the classic escape via "../".
>
> Fixes: CVE-2018-16867
> Reported-by: Michael Hanselmann (hansmi.ch)
> Signed-off-by: Gerd Hoffmann
> ---
> hw/usb/dev-mtp.c | 6 ++
> 1 f

On 11/30/18 1:08 PM, Philippe Mathieu-Daudé wrote:
On 30/11/18 12:12, Gerd Hoffmann wrote:
Slash is unix directory separator, so they are not allowed in filenames.
Note this also stops the classic escape via "../".
Fixes: CVE-2018-16867
Reported-by: Michael Hanselmann (hansmi.ch)
It's common

On 30/11/18 12:12, Gerd Hoffmann wrote:
> Slash is unix directory separator, so they are not allowed in filenames.
> Note this also stops the classic escape via "../".
>
> Fixes: CVE-2018-16867
> Reported-by: Michael Hanselmann (hansmi.ch)
It's common for scripts to match '', can you write this o

Slash is unix directory separator, so they are not allowed in filenames.
Note this also stops the classic escape via "../".
Fixes: CVE-2018-16867
Reported-by: Michael Hanselmann (hansmi.ch)
Signed-off-by: Gerd Hoffmann
---
hw/usb/dev-mtp.c | 6 ++
1 file changed, 6 insertions(+)
diff --git