From: Christian Brauner <brauner@kernel.org>
Date: Thu, 12 Jun 2025 13:25:20 +0000 (+0200)
Subject: coredump: don't allow ".." in coredump socket path
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edfe3bdbbb52339cd8c2366402f2702c5ebc15c7;p=thirdparty%2Fkernel%2Fstable.git

coredump: don't allow ".." in coredump socket path

There's no point in allowing to walk upwards for the coredump socket.
We already force userspace to give use a sane path, no symlinks, no
magiclinks, and also block "..". Use an absolute path without any
shenanigans.

Link: https://lore.kernel.org/20250612-work-coredump-massage-v1-6-315c0c34ba94@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
---

diff --git a/fs/coredump.c b/fs/coredump.c
index a64b87878ab37..8437bdc26d081 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1418,6 +1418,10 @@ static inline bool check_coredump_socket(void)
 	if (strlen(p) >= UNIX_PATH_MAX)
 		return false;
 
+	/* Must not contain ".." in the path. */
+	if (name_contains_dotdot(core_pattern))
+		return false;
+
 	return true;
 }