>>>>> "Chris" == Chris Evans <chris@scary.beasts.org> writes:
Chris> What's wrong with isalnum() ?
Hm, must admit that I wasn't 100% sure if that's in the kernel lib or an evil
gcc expands it inline to some static array lookup. Now I see that it's
already in the kernel. Do some of you also sometimes wonder why the kernel is
so big ;-) ?
OK, so let's go for the isalnum() version, and don't forget to
#include <linux/ctype.h>
above...
Torsten
For those who joined the program late here's the complete patch:
--- linux/kernel/kmod.c.orig Tue Sep 26 01:18:55 2000
+++ linux/kernel/kmod.c Mon Nov 13 19:09:11 2000
@@ -18,6 +18,7 @@
#include <linux/config.h>
#include <linux/sched.h>
#include <linux/unistd.h>
+#include <linux/ctype.h>
#include <linux/smp_lock.h>
#include <asm/uaccess.h>
@@ -168,6 +169,19 @@
static atomic_t kmod_concurrent = ATOMIC_INIT(0);
#define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */
static int kmod_loop_msg;
+ const char * p;
+
+ /* For security reasons ensure the requested name consists
+ * only of allowed characters. Especially whitespace and
+ * shell metacharacters might confuse modprobe.
+ */
+ for (p = module_name; *p; p++)
+ {
+ if (isalnum(*p) || *p == '_' || *p == '-')
+ continue;
+
+ return -EINVAL;
+ }
/* Don't allow request_module() before the root fs is mounted! */
if ( ! current->fs->root ) {
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Nov 15 2000 - 21:00:24 EST