Commit graph

1 commit

Author SHA1 Message Date
Abhijeet Kasurde
7d2ae7e322 solaris_zone: Allow only valid characters in zone name (#65686)
CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions.
A malicious user could provide a crafted zone name which allows executing commands
into the server manipulating the module behaviour.

Adding user input validation as per Solaris Zone documentation fixes this issue.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-12-10 07:18:55 -05:00