diff options
| author | Christian Brauner <[email protected]> | 2025-06-12 13:25:18 +0000 |
|---|---|---|
| committer | Christian Brauner <[email protected]> | 2025-06-16 15:01:22 +0000 |
| commit | 3a2c977c463c68bf6fcd0138d15efa5f3adc743c (patch) | |
| tree | 26a3b03194f81f50600df07529c220aafd6a7402 | |
| parent | coredump: fix socket path validation (diff) | |
| download | kernel-3a2c977c463c68bf6fcd0138d15efa5f3adc743c.tar.gz kernel-3a2c977c463c68bf6fcd0138d15efa5f3adc743c.zip | |
coredump: validate that path doesn't exceed UNIX_PATH_MAX
so we don't pointlessly accepts things that go over the limit.
Link: https://lore.kernel.org/[email protected]
Signed-off-by: Christian Brauner <[email protected]>
| -rw-r--r-- | fs/coredump.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/fs/coredump.c b/fs/coredump.c index 70e37435eca9..a64b87878ab3 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -1388,6 +1388,8 @@ void validate_coredump_safety(void) static inline bool check_coredump_socket(void) { + const char *p; + if (core_pattern[0] != '@') return true; @@ -1407,10 +1409,15 @@ static inline bool check_coredump_socket(void) /* ... and if so must be an absolute path. */ if (core_pattern[2] != '/') return false; - /* Anything else is unsupported. */ - return false; + p = &core_pattern[2]; + } else { + p = &core_pattern[1]; } + /* The path obviously cannot exceed UNIX_PATH_MAX. */ + if (strlen(p) >= UNIX_PATH_MAX) + return false; + return true; } |