swtpm: Do not follow symlinks when opening lockfile (CVE-2020-28407)

This patch addresses CVE-2020-28407.

Prevent us from following symlinks when we open the lockfile
for writing.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger 2020-11-08 21:45:40 -05:00 committed by Stefan Berger
parent 401c9e57a7
commit 110ab4c908
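To make the effect of the flag concrete, here is an added demonstration (not swtpm's code) of what O_NOFOLLOW changes for an open() with O_WRONLY|O_CREAT|O_TRUNC like the one in the patch. It builds a throwaway directory containing a regular file and a symlink pointing at it, then opens the symlink both ways: without O_NOFOLLOW the open goes through the link and writes to the file behind it; with O_NOFOLLOW the open is refused with ELOOP. The helper names (`open_lockfile`, `demo_nofollow_on_symlink`) and the directory layout are this example's own assumptions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Mirror of the patched call: open `path` for writing, creating and
 * truncating it, optionally with O_NOFOLLOW. Returns the fd on success or
 * -errno on failure so the caller can see why the open was refused.
 * (Hypothetical helper, not a swtpm function.) */
static int open_lockfile(const char *path, int nofollow)
{
    int flags = O_WRONLY | O_CREAT | O_TRUNC;
    if (nofollow)
        flags |= O_NOFOLLOW;
    int fd = open(path, flags, 0660);
    return fd < 0 ? -errno : fd;
}

struct demo_result {
    int follow_wrote_through;  /* 1 if the plain open wrote into the link target */
    int nofollow_errno;        /* errno from the O_NOFOLLOW open (0 if it succeeded) */
};

/* Constructed scenario: <tmpdir>/target is a regular file and
 * <tmpdir>/lock is a symlink to it. Opens "lock" both ways and reports
 * what happened. Both result fields are -1 if setup failed. */
struct demo_result demo_nofollow_on_symlink(void)
{
    struct demo_result r = { -1, -1 };
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char target[PATH_MAX], link[PATH_MAX];
    struct stat st;

    if (mkdtemp(dir) == NULL)
        return r;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/lock", dir);

    int tfd = open(target, O_WRONLY | O_CREAT, 0600);
    if (tfd < 0)
        goto cleanup;
    close(tfd);
    if (symlink("target", link) != 0)
        goto cleanup;

    /* Without O_NOFOLLOW the kernel resolves the link, so the write lands
     * in "target": an attacker who controls the link controls what gets
     * truncated and written. */
    int fd1 = open_lockfile(link, 0);
    r.follow_wrote_through = 0;
    if (fd1 >= 0) {
        r.follow_wrote_through = (write(fd1, "x", 1) == 1);
        close(fd1);
    }
    if (stat(target, &st) != 0 || st.st_size != 1)
        r.follow_wrote_through = 0;

    /* With O_NOFOLLOW the open fails instead of following the link. */
    int fd2 = open_lockfile(link, 1);
    if (fd2 >= 0) {
        close(fd2);
        r.nofollow_errno = 0;
    } else {
        r.nofollow_errno = -fd2;
    }

cleanup:
    unlink(link);
    unlink(target);
    rmdir(dir);
    return r;
}

int main(void)
{
    struct demo_result r = demo_nofollow_on_symlink();
    printf("plain open wrote through the symlink: %s\n",
           r.follow_wrote_through == 1 ? "yes" : "no");
    printf("O_NOFOLLOW open failed with: %s\n",
           r.nofollow_errno > 0 ? strerror(r.nofollow_errno) : "(no error)");
    return 0;
}
```

Note that O_NOFOLLOW only applies to the last path component; a symlink in one of the parent directories is still followed, so the flag is a guard for the lockfile name itself, not for an untrusted directory tree.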


@ -210,7 +210,7 @@ static TPM_RESULT SWTPM_NVRAM_Lock_Lockfile(const char *directory,
return TPM_FAIL;
}
*fd = open(lockfile, O_WRONLY|O_CREAT|O_TRUNC, 0660);
*fd = open(lockfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW, 0660);
if (*fd < 0) {
logprintf(STDERR_FILENO,
"SWTPM_NVRAM_Lock_Lockfile: Could not open lockfile: %s\n",
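Review bot: O_NOFOLLOW on the open() at the changed line only refuses a symlink as the final component of `lockfile`; symlinks in the directory components leading to it are still followed, so the fix relies on that directory not being writable by a less privileged user. Worth saying so in a comment above the open() or in the commit message, so the assumption is not lost. A second point: in the symlink case the open now fails with ELOOP, but the existing log line "SWTPM_NVRAM_Lock_Lockfile: Could not open lockfile: %s" does not record why; if the %s is the path, consider also logging strerror(errno) so a refused symlink can be told apart from a missing directory or a permission error when reading the logs.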