summaryrefslogtreecommitdiffstats
path: root/rpc/rpc-lib
diff options
context:
space:
mode:
authorAmar Tumballi <amarts@redhat.com>2018-11-01 07:02:11 +0530
committerShyamsundar Ranganathan <srangana@redhat.com>2018-11-05 18:50:10 +0000
commit5441fb4196a94d238377c427f400fe5e28ae5d46 (patch)
tree7ec9af6eb1206663e95d4592f93ed3f92a21404f /rpc/rpc-lib
parentacb208221bfe3ac897d8eb4fbe18fa6c8aa9286e (diff)
server: don't allow '/' in basename
Server stack needs to have all the sort of validation, assuming clients can be compromized. It is possible for a compromized client to send basenames with paths with '/', and with that create files without permission on server. By sanitizing the basename, and not allowing anything other than actual directory as the parent for any entry creation, we can mitigate the effects of clients not able to exploit the server. Fixes: CVE-2018-14651 Fixes: bz#1644755 Change-Id: I5dc0da0da2713452ff2b65ac2ddbccf1a267dc20 Signed-off-by: Amar Tumballi <amarts@redhat.com>
Diffstat (limited to 'rpc/rpc-lib')
0 files changed, 0 insertions, 0 deletions