From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Sasha Levin <sashal@kernel.org>,
	linux-fsdevel@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 11/11] readdir: make sure to verify directory entry for legacy interfaces too
Date: Mon, 19 Apr 2021 16:45:36 -0400
Message-ID: <20210419204536.6924-11-sashal@kernel.org>
In-Reply-To: <20210419204536.6924-1-sashal@kernel.org>

From: Linus Torvalds <torvalds@linux-foundation.org>

[ Upstream commit 0c93ac69407d63a85be0129aa55ffaec27ffebd3 ]

This does the directory entry name verification for the legacy
"fillonedir" (and compat) interface that goes all the way back to the
dark ages before we had a proper dirent, and the readdir() system call
returned just a single entry at a time.

Nobody should use this interface unless you still have binaries from
1991, but let's do it right.

This came up during discussions about unsafe_copy_to_user() and proper
checking of all the inputs to it, as the networking layer is looking to
use it in a few new places.  So let's make sure the _old_ users do it
all right and proper, before we add new ones.

See also commit 8a23eb804ca4 ("Make filldir[64]() verify the directory
entry filename is valid") which did the proper modern interfaces that
people actually use. It had a note:

    Note that I didn't bother adding the checks to any legacy interfaces
    that nobody uses.

which this now corrects.  Note that we really don't care about POSIX and
the presence of '/' in a directory entry, but verify_dirent_name() also
ends up doing the proper name length verification which is what the
input checking discussion was about.

[ Another option would be to remove the support for this particular very
  old interface: any binaries that use it are likely a.out binaries, and
  they will no longer run anyway since we removed a.out binfmt support
  in commit eac616557050 ("x86: Deprecate a.out support").

  But I'm not sure which came first: getdents() or ELF support, so let's
  pretend somebody might still have a working binary that uses the
  legacy readdir() case.. ]

Link: https://lore.kernel.org/lkml/CAHk-=wjbvzCAhAtvG0d81W5o0-KT5PPTHhfJ5ieDFq+bGtgOYg@mail.gmail.com/
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/readdir.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/readdir.c b/fs/readdir.c
index 0c357663e33a..e6f4c7b8884b 100644
--- a/fs/readdir.c
+++ b/fs/readdir.c
@@ -133,6 +133,9 @@ static int fillonedir(struct dir_context *ctx, const char *name, int namlen,
 
 	if (buf->result)
 		return -EINVAL;
+	buf->result = verify_dirent_name(name, namlen);
+	if (buf->result < 0)
+		return buf->result;
 	d_ino = ino;
 	if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
 		buf->result = -EOVERFLOW;
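
Review bot: The added call at the top of fillonedir() depends on verify_dirent_name(), which this diff does not define; the commit message attributes the helper to commit 8a23eb804ca4, so for the 4.14 queue it is worth confirming that commit (or a backport of it) is already in the tree before this one is applied, otherwise fs/readdir.c will not build. The placement itself is fine: the name is checked before the d_ino overflow test and before anything is written out, so a rejected name returns early without touching the user buffer.
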
@@ -392,6 +395,9 @@ static int compat_fillonedir(struct dir_context *ctx, const char *name,
 
 	if (buf->result)
 		return -EINVAL;
+	buf->result = verify_dirent_name(name, namlen);
+	if (buf->result < 0)
+		return buf->result;
 	d_ino = ino;
 	if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
 		buf->result = -EOVERFLOW;
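
Review bot: In compat_fillonedir() the new assignment stores the verify_dirent_name() return value directly in buf->result, the same field the preceding "if (buf->result) return -EINVAL;" uses as the already-filled flag, so the code depends on the helper returning exactly 0 on success (the "< 0" test would let a positive value through and leave the flag set). A one-line comment stating that invariant, or a local "int err" that is copied to buf->result only on failure, would make it explicit; the same applies to the identical three lines added to fillonedir(). It would also help to note that a bad name now latches the helper's error code in buf->result, so any later callback invocation takes the -EINVAL path.
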
-- 
2.30.2

