nova.git - OpenStack's nova patches.

diff options

author	Russell Bryant <rbryant@redhat.com>	2012-06-20 11:13:13 -0400
committer	Thierry Carrez <thierry@openstack.org>	2012-07-03 16:24:55 +0200
commit	2427d4a99bed35baefd8f17ba422cb7aae8dcca7 (patch)
tree	37b591b0958aade262d6badf3af3d89384340699 /nova/context.py
parent	d335457f48d09c3d780c92413fe777030c1335e2 (diff)
download	nova-2427d4a99bed35baefd8f17ba422cb7aae8dcca7.tar.gz nova-2427d4a99bed35baefd8f17ba422cb7aae8dcca7.tar.xz nova-2427d4a99bed35baefd8f17ba422cb7aae8dcca7.zip

Prevent file injection writing to host filesystem.

Fix bug 1015531, CVE-2012-3360, CVE-2012-3361 This patch prevents the file injection code from writing into the host filesystem if a user specifies a path for the injected file that contains '..'. The check is to make sure that the final normalized path that is about to be written to is within the mounted guest filesystem. Signed-off-by: Russell Bryant <rbryant@redhat.com> Signed-off-by: Pádraig Brady <pbrady@redhat.com> Signed-off-by: Mark McLoughlin <markmc@redhat.com> Change-Id: I658cd12fd319cee91eb9544cdf53c862c5d2c560

Diffstat (limited to 'nova/context.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: