mirror of
https://github.com/systemd/systemd.git
synced 2024-11-27 04:03:36 +08:00
fs-util: rename path_is_safe() → path_is_normalized()
Already, path_is_safe() refused paths container the "." dir. Doing that isn't strictly necessary to be "safe" by most definitions of the word. But it is necessary in order to consider a path "normalized". Hence, "path_is_safe()" is slightly misleading a name, but "path_is_normalize()" is more descriptive, hence let's rename things accordingly. No functional changes.
This commit is contained in:
Lennart Poettering
parent
5db9818772
commit
99be45a46f
@ -1278,7 +1278,7 @@ int cg_split_spec(const char *spec, char **controller, char **path) {
|
||||
assert(spec);
|
||||
|
||||
if (*spec == '/') {
|
||||
if (!path_is_safe(spec))
|
||||
if (!path_is_normalized(spec))
|
||||
return -EINVAL;
|
||||
|
||||
if (path) {
|
||||
@ -1331,7 +1331,7 @@ int cg_split_spec(const char *spec, char **controller, char **path) {
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
if (!path_is_safe(u) ||
|
||||
if (!path_is_normalized(u) ||
|
||||
!path_is_absolute(u)) {
|
||||
free(t);
|
||||
free(u);
|
||||
|
||||
@ -509,7 +509,7 @@ static int getenv_tmp_dir(const char **ret_path) {
|
||||
r = -ENOTDIR;
|
||||
goto next;
|
||||
}
|
||||
if (!path_is_safe(e)) {
|
||||
if (!path_is_normalized(e)) {
|
||||
r = -EPERM;
|
||||
goto next;
|
||||
}
|
||||
@ -707,7 +707,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
|
||||
|
||||
if (errno == ENOENT &&
|
||||
(flags & CHASE_NONEXISTENT) &&
|
||||
(isempty(todo) || path_is_safe(todo))) {
|
||||
(isempty(todo) || path_is_normalized(todo))) {
|
||||
|
||||
/* If CHASE_NONEXISTENT is set, and the path does not exist, then that's OK, return
|
||||
* what we got so far. But don't allow this if the remaining path contains "../ or "./"
|
||||
|
||||
@ -721,7 +721,7 @@ bool filename_is_valid(const char *p) {
|
||||
return true;
|
||||
}
|
||||
|
||||
bool path_is_safe(const char *p) {
|
||||
bool path_is_normalized(const char *p) {
|
||||
|
||||
if (isempty(p))
|
||||
return false;
|
||||
@ -735,7 +735,6 @@ bool path_is_safe(const char *p) {
|
||||
if (strlen(p)+1 > PATH_MAX)
|
||||
return false;
|
||||
|
||||
/* The following two checks are not really dangerous, but hey, they still are confusing */
|
||||
if (startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
|
||||
return false;
|
||||
|
||||
|
||||
@ -131,7 +131,7 @@ int parse_path_argument_and_warn(const char *path, bool suppress_root, char **ar
|
||||
char* dirname_malloc(const char *path);
|
||||
|
||||
bool filename_is_valid(const char *p) _pure_;
|
||||
bool path_is_safe(const char *p) _pure_;
|
||||
bool path_is_normalized(const char *p) _pure_;
|
||||
|
||||
char *file_in_same_dir(const char *path, const char *filename);
|
||||
|
||||
|
||||
@ -382,7 +382,7 @@ int unit_name_path_escape(const char *f, char **ret) {
|
||||
if (STR_IN_SET(p, "/", ""))
|
||||
s = strdup("-");
|
||||
else {
|
||||
if (!path_is_safe(p))
|
||||
if (!path_is_normalized(p))
|
||||
return -EINVAL;
|
||||
|
||||
/* Truncate trailing slashes */
|
||||
@ -432,7 +432,7 @@ int unit_name_path_unescape(const char *f, char **ret) {
|
||||
if (!s)
|
||||
return -ENOMEM;
|
||||
|
||||
if (!path_is_safe(s)) {
|
||||
if (!path_is_normalized(s)) {
|
||||
free(s);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
@ -605,7 +605,7 @@ bool valid_home(const char *p) {
|
||||
if (!path_is_absolute(p))
|
||||
return false;
|
||||
|
||||
if (!path_is_safe(p))
|
||||
if (!path_is_normalized(p))
|
||||
return false;
|
||||
|
||||
/* Colons are used as field separators, and hence not OK */
|
||||
|
||||
@ -1862,7 +1862,7 @@ int bus_exec_context_set_transient_property(
|
||||
|
||||
if (!path_is_absolute(s))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute", s);
|
||||
if (!path_is_safe(s))
|
||||
if (!path_is_normalized(s))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not normalized", s);
|
||||
|
||||
if (mode != UNIT_CHECK) {
|
||||
@ -2462,7 +2462,7 @@ int bus_exec_context_set_transient_property(
|
||||
return r;
|
||||
|
||||
STRV_FOREACH(p, l) {
|
||||
if (!path_is_safe(*p) || path_is_absolute(*p))
|
||||
if (!path_is_normalized(*p) || path_is_absolute(*p))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not valid: %s", name, *p);
|
||||
}
|
||||
|
||||
|
||||
@ -886,7 +886,7 @@ int config_parse_exec_input(
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!path_is_safe(resolved)) {
|
||||
if (!path_is_normalized(resolved)) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, 0, "file: requires a normalized path name: %s", resolved);
|
||||
return -EINVAL;
|
||||
}
|
||||
@ -1077,7 +1077,7 @@ int config_parse_exec_output(
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!path_is_safe(resolved)) {
|
||||
if (!path_is_normalized(resolved)) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, 0, "file: requires a normalized path name, ignoring: %s", resolved);
|
||||
return -EINVAL;
|
||||
}
|
||||
@ -4050,7 +4050,7 @@ int config_parse_exec_directories(
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!path_is_safe(k) || path_is_absolute(k)) {
|
||||
if (!path_is_normalized(k) || path_is_absolute(k)) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, 0,
|
||||
"%s= path is not valid, ignoring assignment: %s", lvalue, rvalue);
|
||||
continue;
|
||||
|
||||
@ -4460,7 +4460,7 @@ int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask)
|
||||
|
||||
path_kill_slashes(p);
|
||||
|
||||
if (!path_is_safe(p)) {
|
||||
if (!path_is_normalized(p)) {
|
||||
free(p);
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
@ -854,12 +854,12 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (!path_is_absolute(src) || !path_is_safe(src))
|
||||
if (!path_is_absolute(src) || !path_is_normalized(src))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../.");
|
||||
|
||||
if (isempty(dest))
|
||||
dest = src;
|
||||
else if (!path_is_absolute(dest) || !path_is_safe(dest))
|
||||
else if (!path_is_absolute(dest) || !path_is_normalized(dest))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../.");
|
||||
|
||||
r = bus_verify_polkit_async(
|
||||
|
||||
@ -886,8 +886,8 @@ static int stop_mounts(
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!path_is_safe(where)) {
|
||||
log_error("Path contains unsafe components: %s", where);
|
||||
if (!path_is_normalized(where)) {
|
||||
log_error("Path contains non-normalized components: %s", where);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
@ -1568,8 +1568,8 @@ int main(int argc, char* argv[]) {
|
||||
goto finish;
|
||||
}
|
||||
|
||||
if (!path_is_safe(arg_mount_what)) {
|
||||
log_error("Path contains unsafe components: %s", arg_mount_what);
|
||||
if (!path_is_normalized(arg_mount_what)) {
|
||||
log_error("Path contains non-normalized components: %s", arg_mount_what);
|
||||
r = -EINVAL;
|
||||
goto finish;
|
||||
}
|
||||
@ -1592,8 +1592,8 @@ int main(int argc, char* argv[]) {
|
||||
goto finish;
|
||||
}
|
||||
|
||||
if (!path_is_safe(arg_mount_where)) {
|
||||
log_error("Path contains unsafe components: %s", arg_mount_where);
|
||||
if (!path_is_normalized(arg_mount_where)) {
|
||||
log_error("Path contains non-normalized components: %s", arg_mount_where);
|
||||
r = -EINVAL;
|
||||
goto finish;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user