picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fs-util: rename path_is_safe() → path_is_normalized() 

Already, path_is_safe() refused paths container the "." dir. Doing that
isn't strictly necessary to be "safe" by most definitions of the word.
But it is necessary in order to consider a path "normalized". Hence,
"path_is_safe()" is slightly misleading a name, but
"path_is_normalize()" is more descriptive, hence let's rename things
accordingly.

No functional changes.
This commit is contained in:
Lennart Poettering 2017-10-27 16:28:15 +02:00
parent 5db9818772
commit 99be45a46f
11 changed files with 23 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/basic/cgroup-util.c
View File

@ -1278,7 +1278,7 @@ int cg_split_spec(const char *spec, char **controller, char **path) {
assert(spec); assert(spec);
if (*spec == '/') { if (*spec == '/') {
if (!path_is_safe(spec)) if (!path_is_normalized(spec))
return -EINVAL; return -EINVAL;
if (path) { if (path) {
@ -1331,7 +1331,7 @@ int cg_split_spec(const char *spec, char **controller, char **path) {
return -ENOMEM; return -ENOMEM;
} }
if (!path_is_safe(u) || if (!path_is_normalized(u) ||
!path_is_absolute(u)) { !path_is_absolute(u)) {
free(t); free(t);
free(u); free(u);

4
src/basic/fs-util.c
View File

@ -509,7 +509,7 @@ static int getenv_tmp_dir(const char **ret_path) {
r = -ENOTDIR; r = -ENOTDIR;
goto next; goto next;
} }
if (!path_is_safe(e)) { if (!path_is_normalized(e)) {
r = -EPERM; r = -EPERM;
goto next; goto next;
} }
@ -707,7 +707,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
if (errno == ENOENT && if (errno == ENOENT &&
(flags & CHASE_NONEXISTENT) && (flags & CHASE_NONEXISTENT) &&
(isempty(todo) || path_is_safe(todo))) { (isempty(todo) || path_is_normalized(todo))) {
/* If CHASE_NONEXISTENT is set, and the path does not exist, then that's OK, return /* If CHASE_NONEXISTENT is set, and the path does not exist, then that's OK, return
* what we got so far. But don't allow this if the remaining path contains "../ or "./" * what we got so far. But don't allow this if the remaining path contains "../ or "./"

3
src/basic/path-util.c
View File

@ -721,7 +721,7 @@ bool filename_is_valid(const char *p) {
return true; return true;
} }
bool path_is_safe(const char *p) { bool path_is_normalized(const char *p) {
if (isempty(p)) if (isempty(p))
return false; return false;
@ -735,7 +735,6 @@ bool path_is_safe(const char *p) {
if (strlen(p)+1 > PATH_MAX) if (strlen(p)+1 > PATH_MAX)
return false; return false;
/* The following two checks are not really dangerous, but hey, they still are confusing */
if (startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./")) if (startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
return false; return false;

2
src/basic/path-util.h
View File

@ -131,7 +131,7 @@ int parse_path_argument_and_warn(const char *path, bool suppress_root, char **ar
char* dirname_malloc(const char *path); char* dirname_malloc(const char *path);
bool filename_is_valid(const char *p) _pure_; bool filename_is_valid(const char *p) _pure_;
bool path_is_safe(const char *p) _pure_; bool path_is_normalized(const char *p) _pure_;
char *file_in_same_dir(const char *path, const char *filename); char *file_in_same_dir(const char *path, const char *filename);

4
src/basic/unit-name.c
View File

@ -382,7 +382,7 @@ int unit_name_path_escape(const char *f, char **ret) {
if (STR_IN_SET(p, "/", "")) if (STR_IN_SET(p, "/", ""))
s = strdup("-"); s = strdup("-");
else { else {
if (!path_is_safe(p)) if (!path_is_normalized(p))
return -EINVAL; return -EINVAL;
/* Truncate trailing slashes */ /* Truncate trailing slashes */
@ -432,7 +432,7 @@ int unit_name_path_unescape(const char *f, char **ret) {
if (!s) if (!s)
return -ENOMEM; return -ENOMEM;
if (!path_is_safe(s)) { if (!path_is_normalized(s)) {
free(s); free(s);
return -EINVAL; return -EINVAL;
} }

2
src/basic/user-util.c
View File

@ -605,7 +605,7 @@ bool valid_home(const char *p) {
if (!path_is_absolute(p)) if (!path_is_absolute(p))
return false; return false;
if (!path_is_safe(p)) if (!path_is_normalized(p))
return false; return false;
/* Colons are used as field separators, and hence not OK */ /* Colons are used as field separators, and hence not OK */

4
src/core/dbus-execute.c
View File

@ -1862,7 +1862,7 @@ int bus_exec_context_set_transient_property(
if (!path_is_absolute(s)) if (!path_is_absolute(s))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute", s); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute", s);
if (!path_is_safe(s)) if (!path_is_normalized(s))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not normalized", s); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not normalized", s);
if (mode != UNIT_CHECK) { if (mode != UNIT_CHECK) {
@ -2462,7 +2462,7 @@ int bus_exec_context_set_transient_property(
return r; return r;
STRV_FOREACH(p, l) { STRV_FOREACH(p, l) {
if (!path_is_safe(*p) || path_is_absolute(*p)) if (!path_is_normalized(*p) || path_is_absolute(*p))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not valid: %s", name, *p); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not valid: %s", name, *p);
} }

6
src/core/load-fragment.c
View File

@ -886,7 +886,7 @@ int config_parse_exec_input(
return -EINVAL; return -EINVAL;
} }
if (!path_is_safe(resolved)) { if (!path_is_normalized(resolved)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "file: requires a normalized path name: %s", resolved); log_syntax(unit, LOG_ERR, filename, line, 0, "file: requires a normalized path name: %s", resolved);
return -EINVAL; return -EINVAL;
} }
@ -1077,7 +1077,7 @@ int config_parse_exec_output(
return -EINVAL; return -EINVAL;
} }
if (!path_is_safe(resolved)) { if (!path_is_normalized(resolved)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "file: requires a normalized path name, ignoring: %s", resolved); log_syntax(unit, LOG_ERR, filename, line, 0, "file: requires a normalized path name, ignoring: %s", resolved);
return -EINVAL; return -EINVAL;
} }
@ -4050,7 +4050,7 @@ int config_parse_exec_directories(
continue; continue;
} }
if (!path_is_safe(k) || path_is_absolute(k)) { if (!path_is_normalized(k) || path_is_absolute(k)) {
log_syntax(unit, LOG_ERR, filename, line, 0, log_syntax(unit, LOG_ERR, filename, line, 0,
"%s= path is not valid, ignoring assignment: %s", lvalue, rvalue); "%s= path is not valid, ignoring assignment: %s", lvalue, rvalue);
continue; continue;

2
src/core/unit.c
View File

@ -4460,7 +4460,7 @@ int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask)
path_kill_slashes(p); path_kill_slashes(p);
if (!path_is_safe(p)) { if (!path_is_normalized(p)) {
free(p); free(p);
return -EPERM; return -EPERM;
} }

4
src/machine/machine-dbus.c
View File

@ -854,12 +854,12 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
if (r < 0) if (r < 0)
return r; return r;
if (!path_is_absolute(src) || !path_is_safe(src)) if (!path_is_absolute(src) || !path_is_normalized(src))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../."); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../.");
if (isempty(dest)) if (isempty(dest))
dest = src; dest = src;
else if (!path_is_absolute(dest) || !path_is_safe(dest)) else if (!path_is_absolute(dest) || !path_is_normalized(dest))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../."); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../.");
r = bus_verify_polkit_async( r = bus_verify_polkit_async(

12
src/mount/mount-tool.c
View File

@ -886,8 +886,8 @@ static int stop_mounts(
return -EINVAL; return -EINVAL;
} }
if (!path_is_safe(where)) { if (!path_is_normalized(where)) {
log_error("Path contains unsafe components: %s", where); log_error("Path contains non-normalized components: %s", where);
return -EINVAL; return -EINVAL;
} }
@ -1568,8 +1568,8 @@ int main(int argc, char* argv[]) {
goto finish; goto finish;
} }
if (!path_is_safe(arg_mount_what)) { if (!path_is_normalized(arg_mount_what)) {
log_error("Path contains unsafe components: %s", arg_mount_what); log_error("Path contains non-normalized components: %s", arg_mount_what);
r = -EINVAL; r = -EINVAL;
goto finish; goto finish;
} }
@ -1592,8 +1592,8 @@ int main(int argc, char* argv[]) {
goto finish; goto finish;
} }
if (!path_is_safe(arg_mount_where)) { if (!path_is_normalized(arg_mount_where)) {
log_error("Path contains unsafe components: %s", arg_mount_where); log_error("Path contains non-normalized components: %s", arg_mount_where);
r = -EINVAL; r = -EINVAL;
goto finish; goto finish;
} }