lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 12 Sep 2016 21:29:09 +0200
From:   Miklos Szeredi <mszeredi@...hat.com>
To:     linux-fsdevel@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>
Subject: [PATCH 07/17] vfs: add is_following_link() helper

The remainging instances of ->readlink that don't use generic_readlink are
/proc/$$/fd/N, /proc/$$/map_files/A and /proc/$$/ns/X.  The reason is that
these have special get_link() implementations is that they "jump" to
locations not indicated by the symlink contents.

Since there are so few of these (the fd and map_files ones are essentially
the same), it doesn't make sense to create a separate i_op method for them.
This patch adds a helper: is_following_link() by which the two different
modes of operation can be differentiated by the special get_link()
implementations.

Also add a WARN_ON_ONCE() in generic_readlink() to prevent misuse.

Signed-off-by: Miklos Szeredi <mszeredi@...hat.com>
---
 fs/namei.c            | 9 +++++++++
 include/linux/namei.h | 1 +
 2 files changed, 10 insertions(+)

diff --git a/fs/namei.c b/fs/namei.c
index c06a68b82088..f72c405d1a27 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -880,6 +880,11 @@ void nd_jump_link(struct path *path)
 	nd->flags |= LOOKUP_JUMPED;
 }
 
+bool is_following_link(void)
+{
+	return current->nameidata;
+}
+
 static inline void put_link(struct nameidata *nd)
 {
 	struct saved *last = nd->stack + --nd->depth;
@@ -4670,6 +4675,10 @@ int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
 		link = inode->i_op->get_link(dentry, inode, &done);
 		if (IS_ERR(link))
 			return PTR_ERR(link);
+
+		/* "jumping" is unacceptable, warn and return error */
+		if (WARN_ON_ONCE(!link))
+			return -EIO;
 	}
 	res = readlink_copy(buffer, buflen, link);
 	do_delayed_call(&done);
diff --git a/include/linux/namei.h b/include/linux/namei.h
index f29abda31e6d..ec7b8ccfe064 100644
--- a/include/linux/namei.h
+++ b/include/linux/namei.h
@@ -90,6 +90,7 @@ extern struct dentry *lock_rename(struct dentry *, struct dentry *);
 extern void unlock_rename(struct dentry *, struct dentry *);
 
 extern void nd_jump_link(struct path *path);
+extern bool is_following_link(void);
 
 static inline void nd_terminate_link(void *name, size_t len, size_t maxlen)
 {
-- 
2.5.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ