proc: reject "." and ".." as filenames

Various subsystems can create files and directories in /proc with names
directly controlled by userspace.

Which means "/", "." and ".." are no-no.

"/" split is already taken care of, do the other 2 prohibited names.

Link: http://lkml.kernel.org/r/20180310001223.GB12443@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 800247a256c9395b54fbb4f0d25b3fb72c6a3948..5dad2e89007bf841fee2426636e9bcb961b10ff2 100644 (file)
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -366,6 +366,14 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
                WARN(1, "name len %u\n", qstr.len);
                return NULL;
        }
+       if (qstr.len == 1 && fn[0] == '.') {
+               WARN(1, "name '.'\n");
+               return NULL;
+       }
+       if (qstr.len == 2 && fn[0] == '.' && fn[1] == '.') {
+               WARN(1, "name '..'\n");
+               return NULL;
+       }
        if (*parent == &proc_root && name_to_int(&qstr) != ~0U) {
                WARN(1, "create '/proc/%s' by hand\n", qstr.name);
                return NULL;