1. Patchew
  2. linux
  3. [PATCH v4 00/11] coredump: add coredump socket
  4. View patch

[PATCH v4 06/11] coredump: validate socket name as it is written

Christian Brauner posted 11 patches 7 months, 1 week ago
There is a newer version of this series
[PATCH v4 06/11] coredump: validate socket name as it is written
Posted by Christian Brauner 7 months, 1 week ago 
In contrast to other parameters written into
/proc/sys/kernel/core_pattern that never fail we can validate enabling
the new AF_UNIX support. This is obviously racy as hell but it's always
been that way.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/coredump.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/fs/coredump.c b/fs/coredump.c
index d61e15d855d2..0f00f77be988 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1200,10 +1200,21 @@ void validate_coredump_safety(void)
 static int proc_dostring_coredump(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
-	int error = proc_dostring(table, write, buffer, lenp, ppos);
+	int error;
+	ssize_t retval;
+	char old_core_pattern[CORENAME_MAX_SIZE];
 
-	if (!error)
-		validate_coredump_safety();
+	retval = strscpy(old_core_pattern, core_pattern, CORENAME_MAX_SIZE);
+
+	error = proc_dostring(table, write, buffer, lenp, ppos);
+	if (error)
+		return error;
+	if (core_pattern[0] == '@' && strcmp(core_pattern, "@linuxafsk/coredump.socket")) {
+		strscpy(core_pattern, old_core_pattern, retval + 1);
+		return -EINVAL;
+	}
+
+	validate_coredump_safety();
 	return error;
 }
 

-- 
2.47.2

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.