Re: [PATCH] proc: use strnlen() for name validation in __proc_create

Next message: Krzysztof Kozlowski: "Re: [PATCH 2/2] powerpc: Run typos -w"
Previous message: Greg Kroah-Hartman: "Re: [PATCH net v2] ipv6: rpl: reserve mac_len headroom when recompressed SRH grows"
In reply to: Thorsten Blum: "[PATCH] proc: use strnlen() for name validation in __proc_create"
Next in thread: Alexey Dobriyan: "Re: [PATCH] proc: use strnlen() for name validation in __proc_create"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jan Kara

Date: Tue Apr 21 2026 - 08:45:13 EST

On Tue 21-04-26 14:26:47, Thorsten Blum wrote:
> Replace strlen(fn) with strnlen(fn, NAME_MAX + 1) when validating the
> final path component in __proc_create().
>
> This preserves the existing name limit while bounding the length scan to
> one byte past the maximum name length. Handle empty names separately,
> and treat names longer than NAME_MAX as too long.
>
> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@xxxxxxx>

Honza

> ---
> fs/proc/generic.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/fs/proc/generic.c b/fs/proc/generic.c
> index 8bb81e58c9d8..3063080f3bb2 100644
> --- a/fs/proc/generic.c
> +++ b/fs/proc/generic.c
> @@ -427,9 +427,13 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
> if (xlate_proc_name(name, parent, &fn) != 0)
> goto out;
> qstr.name = fn;
> - qstr.len = strlen(fn);
> - if (qstr.len == 0 || qstr.len >= 256) {
> - WARN(1, "name len %u\n", qstr.len);
> + qstr.len = strnlen(fn, NAME_MAX + 1);
> + if (qstr.len == 0) {
> + WARN(1, "empty name\n");
> + return NULL;
> + }
> + if (qstr.len > NAME_MAX) {
> + WARN(1, "name too long\n");
> return NULL;
> }
> if (qstr.len == 1 && fn[0] == '.') {
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR