virtiofs: forbid newlines in tags · tjh.dev/kernel@40488cc

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

virtiofs: forbid newlines in tags

Newlines in virtiofs tags are awkward for users and potential vectors
for string injection attacks.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

authored by

Stefan Hajnoczi and committed by

Miklos Szeredi 2 years ago 40488cc1 b401b621

+10

1 changed file

expand all

fuse

virtio_fs.c

+10

fs/fuse/virtio_fs.c

··· 323 323 return -ENOMEM; 324 324 memcpy(fs->tag, tag_buf, len); 325 325 fs->tag[len] = '\0'; 326 + 327 + /* While the VIRTIO specification allows any character, newlines are 328 + * awkward on mount(8) command-lines and cause problems in the sysfs 329 + * "tag" attr and uevent TAG= properties. Forbid them. 330 + */ 331 + if (strchr(fs->tag, '\n')) { 332 + dev_dbg(&vdev->dev, "refusing virtiofs tag with newline character\n"); 333 + return -EINVAL; 334 + } 335 + 326 336 return 0; 327 337 } 328 338