1. Patchew
  2. linux
  3. View series

[PATCH] proc: use strnlen() for name validation in __proc_create

Thorsten Blum posted 1 patch 1 month, 3 weeks ago 
fs/proc/generic.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
[PATCH] proc: use strnlen() for name validation in __proc_create
Posted by Thorsten Blum 1 month, 3 weeks ago 
Replace strlen(fn) with strnlen(fn, NAME_MAX + 1) when validating the
final path component in __proc_create().

This preserves the existing name limit while bounding the length scan to
one byte past the maximum name length. Handle empty names separately,
and treat names longer than NAME_MAX as too long.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 fs/proc/generic.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 8bb81e58c9d8..3063080f3bb2 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -427,9 +427,13 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
 	if (xlate_proc_name(name, parent, &fn) != 0)
 		goto out;
 	qstr.name = fn;
-	qstr.len = strlen(fn);
-	if (qstr.len == 0 || qstr.len >= 256) {
-		WARN(1, "name len %u\n", qstr.len);
+	qstr.len = strnlen(fn, NAME_MAX + 1);
+	if (qstr.len == 0) {
+		WARN(1, "empty name\n");
+		return NULL;
+	}
+	if (qstr.len > NAME_MAX) {
+		WARN(1, "name too long\n");
 		return NULL;
 	}
 	if (qstr.len == 1 && fn[0] == '.') {
Re: [PATCH] proc: use strnlen() for name validation in __proc_create
Posted by Alexey Dobriyan 1 month, 3 weeks ago 
On Tue, Apr 21, 2026 at 02:26:47PM +0200, Thorsten Blum wrote:
> Replace strlen(fn) with strnlen(fn, NAME_MAX + 1) when validating the
> final path component in __proc_create().
> 
> This preserves the existing name limit while bounding the length scan to
> one byte past the maximum name length. Handle empty names separately,
> and treat names longer than NAME_MAX as too long.

256 in the code is really U8_MAX+1 (see proc_dir_entry.namelen).

The fact that NAME_MAX is also 255 is a coincidence. I didn't thought
about NAME_MAX when writing this code.

Can you just change 256 to NAME_MAX?

	/proc/alexey

> --- a/fs/proc/generic.c
> +++ b/fs/proc/generic.c
> @@ -427,9 +427,13 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
>  	if (xlate_proc_name(name, parent, &fn) != 0)
>  		goto out;
>  	qstr.name = fn;
> -	qstr.len = strlen(fn);
> -	if (qstr.len == 0 || qstr.len >= 256) {
> -		WARN(1, "name len %u\n", qstr.len);
> +	qstr.len = strnlen(fn, NAME_MAX + 1);
> +	if (qstr.len == 0) {
> +		WARN(1, "empty name\n");
> +		return NULL;
> +	}
> +	if (qstr.len > NAME_MAX) {
> +		WARN(1, "name too long\n");
Re: [PATCH] proc: use strnlen() for name validation in __proc_create
Posted by Thorsten Blum 1 month, 3 weeks ago 
On Tue, Apr 21, 2026 at 04:02:24PM +0300, Alexey Dobriyan wrote:
> On Tue, Apr 21, 2026 at 02:26:47PM +0200, Thorsten Blum wrote:
> > Replace strlen(fn) with strnlen(fn, NAME_MAX + 1) when validating the
> > final path component in __proc_create().
> > 
> > This preserves the existing name limit while bounding the length scan to
> > one byte past the maximum name length. Handle empty names separately,
> > and treat names longer than NAME_MAX as too long.
> 
> 256 in the code is really U8_MAX+1 (see proc_dir_entry.namelen).
> 
> The fact that NAME_MAX is also 255 is a coincidence. I didn't thought
> about NAME_MAX when writing this code.
> 
> Can you just change 256 to NAME_MAX?

I assume you meant U8_MAX here ^^

I don't mind switching to U8_MAX, but NAME_MAX seems semantically better
since we're validating a filename.

Thanks,
Thorsten
Re: [PATCH] proc: use strnlen() for name validation in __proc_create
Posted by Jan Kara 1 month, 3 weeks ago 
On Tue 21-04-26 14:26:47, Thorsten Blum wrote:
> Replace strlen(fn) with strnlen(fn, NAME_MAX + 1) when validating the
> final path component in __proc_create().
> 
> This preserves the existing name limit while bounding the length scan to
> one byte past the maximum name length. Handle empty names separately,
> and treat names longer than NAME_MAX as too long.
> 
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/proc/generic.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/proc/generic.c b/fs/proc/generic.c
> index 8bb81e58c9d8..3063080f3bb2 100644
> --- a/fs/proc/generic.c
> +++ b/fs/proc/generic.c
> @@ -427,9 +427,13 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
>  	if (xlate_proc_name(name, parent, &fn) != 0)
>  		goto out;
>  	qstr.name = fn;
> -	qstr.len = strlen(fn);
> -	if (qstr.len == 0 || qstr.len >= 256) {
> -		WARN(1, "name len %u\n", qstr.len);
> +	qstr.len = strnlen(fn, NAME_MAX + 1);
> +	if (qstr.len == 0) {
> +		WARN(1, "empty name\n");
> +		return NULL;
> +	}
> +	if (qstr.len > NAME_MAX) {
> +		WARN(1, "name too long\n");
>  		return NULL;
>  	}
>  	if (qstr.len == 1 && fn[0] == '.') {
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.