[PATCH v6 7/9] coredump: validate socket name as it is written

[Christian Brauner <brauner@xxxxxxxxxx>]

In contrast to other parameters written into
/proc/sys/kernel/core_pattern that never fail we can validate enabling
the new AF_UNIX support. This is obviously racy as hell but it's always
been that way.

Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
---
 fs/coredump.c | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/fs/coredump.c b/fs/coredump.c
index deee52bff6bc..5b9d2e063f8f 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1242,13 +1242,36 @@ void validate_coredump_safety(void)
 	}
 }
 
+static inline bool check_coredump_socket_address(void)
+{
+	if (core_pattern[0] != '@')
+		return true;
+
+	/* Leave enough space for the socket cookie. */
+	if (strcspn(core_pattern, " ") >= (UNIX_PATH_MAX - sizeof(u64)))
+		return false;
+
+	return true;
+}
+
 static int proc_dostring_coredump(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
-	int error = proc_dostring(table, write, buffer, lenp, ppos);
+	int error;
+	ssize_t retval;
+	char old_core_pattern[CORENAME_MAX_SIZE];
+
+	retval = strscpy(old_core_pattern, core_pattern, CORENAME_MAX_SIZE);
+
+	error = proc_dostring(table, write, buffer, lenp, ppos);
+	if (error)
+		return error;
+	if (!check_coredump_socket_address()) {
+		strscpy(core_pattern, old_core_pattern, retval + 1);
+		return -EINVAL;
+	}
 
-	if (!error)
-		validate_coredump_safety();
+	validate_coredump_safety();
 	return error;
 }
 

-- 
2.47.2