Unverified Commit 3e914feb authored Jan 07, 2025 by David Howells Committed by Christian Brauner Jan 10, 2025

afs: Add rootcell checks



Add some checks for the validity of the cell name.  It's may get put into a
symlink, so preclude it containing any slashes or "..".  Also disallow
starting/ending with a dot.  This makes /afs/@cell/ as a symlink less of a
security risk.

Also disallow multiple setting of /proc/net/afs/rootcell for any given
network namespace.  Once set, the value may not be changed.  This makes it
easier to only create /afs/@cell and /afs/.@cell if there's a rootcell.

Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/20250107183454.608451-3-dhowells@redhat.com


cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: Christian Brauner <brauner@kernel.org>

parent 92f08e9d

fs/afs/cell.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -367,6 +367,14 @@ int afs_cell_init(struct afs_net net, const char rootcell)
		len = cp - rootcell;
		}

		if (len == 0 \|\| !rootcell[0] \|\| rootcell[0] == '.' \|\| rootcell[len - 1] == '.')
		return -EINVAL;
		if (memchr(rootcell, '/', len))
		return -EINVAL;
		cp = strstr(rootcell, "..");
		if (cp && cp < rootcell + len)
		return -EINVAL;

		/* allocate a cell record for the root cell */
		new_root = afs_lookup_cell(net, rootcell, len, vllist, false);
		if (IS_ERR(new_root)) {

fs/afs/proc.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -240,7 +240,13 @@ static int afs_proc_rootcell_write(struct file file, char buf, size_t size)
		/* determine command to perform */
		_debug("rootcell=%s", buf);

		ret = -EEXIST;
		inode_lock(file_inode(file));
		if (!net->ws_cell)
		ret = afs_cell_init(net, buf);
		else
		printk("busy\n");
		inode_unlock(file_inode(file));

		out:
		_leave(" = %d", ret);