[PATCH] restrict class names to valid file names

[PATCH] restrict class names to valid file names

[Stephen Hemminger]

It is possible to name network devices with names like "my/bogus" or "." or ".."
which leaves /sys/class/net/ a mess.  Since other subsystems could have the same
problem, it made sense to me to enforce some restrictions in the class device
layer.

A lateer patch fixes the network device registration path because the
sysfs registration takes place after the register_netdevice call has taken place.

diff -Nru a/drivers/base/class.c b/drivers/base/class.c
--- a/drivers/base/class.c	Mon Jan 12 15:11:55 2004
+++ b/drivers/base/class.c	Mon Jan 12 15:11:55 2004
@@ -87,10 +87,24 @@
 	subsys_put(&cls->subsys);
 }
 
+/* Restrict class names to valid file names */
+int 
+class_name_valid(const char *name)
+{
+	return !(name[0] == '\0'
+		 || (name[0] == '.' 
+		     && (name[1] == '\0' 
+			 || (name[1] == '.' && (name[2] == '\0'))))
+		 || strchr(name, '/'));
+}
+
 int class_register(struct class * cls)
 {
 	pr_debug("device class '%s': registering\n",cls->name);
 
+	if (!class_name_valid(cls->name))
+		return -EINVAL;
+
 	INIT_LIST_HEAD(&cls->children);
 	INIT_LIST_HEAD(&cls->interfaces);
 	kobject_set_name(&cls->subsys.kset.kobj,cls->name);
@@ -267,6 +281,9 @@
 	struct list_head * entry;
 	int error;
 
+	if (!class_name_valid(class_dev->class_id))
+		return -EINVAL;
+
 	class_dev = class_device_get(class_dev);
 	if (!class_dev || !strlen(class_dev->class_id))
 		return -EINVAL;
@@ -348,6 +365,9 @@
 
 int class_device_rename(struct class_device *class_dev, char *new_name)
 {
+	if (!class_name_valid(new_name))
+		return -EINVAL;
+
 	class_dev = class_device_get(class_dev);
 	if (!class_dev)
 		return -EINVAL;
diff -Nru a/include/linux/device.h b/include/linux/device.h
--- a/include/linux/device.h	Mon Jan 12 15:11:55 2004
+++ b/include/linux/device.h	Mon Jan 12 15:11:55 2004
@@ -157,6 +157,7 @@
 	void	(*release)(struct class_device *dev);
 };
 
+extern int class_name_valid(const char *);
 extern int class_register(struct class *);
 extern void class_unregister(struct class *);
 

Re: [PATCH] restrict class names to valid file names

[Greg KH]

On Mon, Jan 12, 2004 at 03:13:57PM -0800, Stephen Hemminger wrote:
> It is possible to name network devices with names like "my/bogus" or "." or ".."
> which leaves /sys/class/net/ a mess.  Since other subsystems could have the same
> problem, it made sense to me to enforce some restrictions in the class device
> layer.
> 
> A lateer patch fixes the network device registration path because the
> sysfs registration takes place after the register_netdevice call has taken place.

Heh, so you will have already "scrubbed" the name before you submit it
to the driver core?  If so, why add this patch?

thanks,

greg k-h

Re: [PATCH] restrict class names to valid file names

[Stephen Hemminger]

On Mon, 12 Jan 2004 16:05:14 -0800
Greg KH <greg@kroah.com> wrote:

> On Mon, Jan 12, 2004 at 03:13:57PM -0800, Stephen Hemminger wrote:
> > It is possible to name network devices with names like "my/bogus" or "." or ".."
> > which leaves /sys/class/net/ a mess.  Since other subsystems could have the same
> > problem, it made sense to me to enforce some restrictions in the class device
> > layer.
> > 
> > A lateer patch fixes the network device registration path because the
> > sysfs registration takes place after the register_netdevice call has taken place.
> 
> Heh, so you will have already "scrubbed" the name before you submit it
> to the driver core?  If so, why add this patch?

Because name won't be scrubbed for the rename case, and other class devices
probably have the same possible problem

Re: [PATCH] restrict class names to valid file names

[Greg KH]

On Mon, Jan 12, 2004 at 04:13:36PM -0800, Stephen Hemminger wrote:
> On Mon, 12 Jan 2004 16:05:14 -0800
> Greg KH <greg@kroah.com> wrote:
> 
> > On Mon, Jan 12, 2004 at 03:13:57PM -0800, Stephen Hemminger wrote:
> > > It is possible to name network devices with names like "my/bogus" or "." or ".."
> > > which leaves /sys/class/net/ a mess.  Since other subsystems could have the same
> > > problem, it made sense to me to enforce some restrictions in the class device
> > > layer.
> > > 
> > > A lateer patch fixes the network device registration path because the
> > > sysfs registration takes place after the register_netdevice call has taken place.
> > 
> > Heh, so you will have already "scrubbed" the name before you submit it
> > to the driver core?  If so, why add this patch?
> 
> Because name won't be scrubbed for the rename case

Why not?  Does that mean that those characters are valid names for
network devices if the device is renamed from userspace?

> , and other class devices probably have the same possible problem

I don't know of any other class device code in the kernel that accepts
userspace input as its name.

thanks,

greg k-h