coredump: validate socket path in coredump_parse()

properly again. Someone might have modified the buffer concurrently.

Link: https://lore.kernel.org/20250612-work-coredump-massage-v1-7-315c0c34ba94@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Christian Brauner 2025-06-12 15:25:21 +02:00
parent edfe3bdbbb
commit 6dfc06d328
No known key found for this signature in database
GPG Key ID: 91C61BC06578DCA2
1 changed files with 11 additions and 0 deletions


@ -296,6 +296,17 @@ static bool coredump_parse(struct core_name *cn, struct coredump_params *cprm,
return false; return false;
} }
/* Must not contain ".." in the path. */
if (name_contains_dotdot(cn->corename)) {
coredump_report_failure("Coredump socket may not %s contain '..' spaces", cn->corename);
return false;
}
if (strlen(cn->corename) >= UNIX_PATH_MAX) {
coredump_report_failure("Coredump socket path %s too long", cn->corename);
return false;
}
/* /*
* Currently no need to parse any other options. * Currently no need to parse any other options.
* Relevant information can be retrieved from the peer * Relevant information can be retrieved from the peer
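Review bot: The failure message in the new `name_contains_dotdot()` branch is garbled: the `%s` sits mid-sentence and the trailing word "spaces" looks like a leftover from another message, so the logged line will not tell an administrator why the pattern was rejected. Something like `coredump_report_failure("Coredump socket path %s may not contain '..'", cn->corename);` would match the wording of the length check that follows. The commit message gives concurrent modification of the buffer as the reason for re-validating, so both checks are only race-free if `cn->corename` is a private, fully built copy at this point. That is not visible in this hunk, so please confirm it and say so in the comment, e.g. `/* cn->corename is our private copy; validate it, not the shared pattern. */`. The body of `coredump_parse()` starts before and continues after the hunk.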