From 3126ee2f26248928c829a741760f3047a56bfa3e Mon Sep 17 00:00:00 2001 From: Ksawlii Date: Sun, 24 Nov 2024 00:23:16 +0100 Subject: [PATCH] Revert "firmware_loader: Block path traversal" This reverts commit 4f7ce3864efd1edbf18b27b30efc72f6ae0f08fc. --- drivers/base/firmware_loader/main.c | 30 ----------------------------- 1 file changed, 30 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 29753bd53..9dbfdf9a5 100755 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -787,26 +787,6 @@ static void fw_abort_batch_reqs(struct firmware *fw) mutex_unlock(&fw_lock); } -/* - * Reject firmware file names with ".." path components. - * There are drivers that construct firmware file names from device-supplied - * strings, and we don't want some device to be able to tell us "I would like to - * be sent my firmware from ../../../etc/shadow, please". - * - * Search for ".." surrounded by either '/' or start/end of string. - * - * This intentionally only looks at the firmware name, not at the firmware base - * directory or at symlink contents. - */ -static bool name_contains_dotdot(const char *name) -{ - size_t name_len = strlen(name); - - return strcmp(name, "..") == 0 || strncmp(name, "../", 3) == 0 || - strstr(name, "/../") != NULL || - (name_len >= 3 && strcmp(name+name_len-3, "/..") == 0); -} - /* called from request_firmware() and request_firmware_work_func() */ static int _request_firmware(const struct firmware **firmware_p, const char *name, @@ -825,14 +805,6 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - if (name_contains_dotdot(name)) { - dev_warn(device, - "Firmware load for '%s' refused, path contains '..' component\n", - name); - ret = -EINVAL; - goto out; - } - ret = _request_firmware_prepare(&fw, name, device, buf, size, offset, opt_flags); if (ret <= 0) /* error or already assigned */ @@ -888,8 +860,6 @@ _request_firmware(const struct firmware **firmware_p, const char *name, * @name will be used as $FIRMWARE in the uevent environment and * should be distinctive enough not to be confused with any other * firmware image for this or any other device. - * It must not contain any ".." path components - "foo/bar..bin" is - * allowed, but "foo/../bar.bin" is not. * * Caller must hold the reference count of @device. *