tree-wide: use CONF_FILES_CHASE_BASENAME where root directory is specified

Otherwise, the result may point to outside of the root directory.

This also sets CONF_FILES_REGULAR and CONF_FILES_FILTER_MASKED, as the
callers will call fopen() or friends for the result, thus the enumerated
results must be non-empty regular files.

diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c
index 3ca3b2dab4735dbcf34e26bbf3b736d5c53df712..30b7e4a9dec3d44e760b15b989d0b7c85f4661d6 100644 (file)
--- a/src/libsystemd/sd-journal/catalog.c
+++ b/src/libsystemd/sd-journal/catalog.c
@@ -450,7 +450,9 @@ int catalog_update(const char *database, const char *root, const char* const *di
                 dirs = catalog_file_dirs;
 
         _cleanup_strv_free_ char **files = NULL;
-        r = conf_files_list_strv(&files, ".catalog", root, 0, dirs);
+        r = conf_files_list_strv(&files, ".catalog", root,
+                                 CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                 dirs);
         if (r < 0)
                 return log_error_errno(r, "Failed to get catalog files: %m");
 

diff --git a/src/shared/hwdb-util.c b/src/shared/hwdb-util.c
index 10d6e8ee48eeeaf9e85236be41d94400ec6feed7..5e76024d86669f16c08d02366a7b0a44c280ace4 100644 (file)
--- a/src/shared/hwdb-util.c
+++ b/src/shared/hwdb-util.c
@@ -601,7 +601,9 @@ int hwdb_update(const char *root, const char *hwdb_bin_dir, bool strict, bool co
 
         trie->nodes_count++;
 
-        err = conf_files_list_strv(&files, ".hwdb", root, 0, conf_file_dirs);
+        err = conf_files_list_strv(&files, ".hwdb", root,
+                                   CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                   conf_file_dirs);
         if (err < 0)
                 return log_error_errno(err, "Failed to enumerate hwdb files: %m");
 

diff --git a/src/shared/install.c b/src/shared/install.c
index 8c6909ddf2e9e25545d4bf2cc28d1451190ffd19..8bf4a64728c29c570e8e418644b1cf89d369447a 100644 (file)
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -3298,7 +3298,9 @@ static int presets_find_config(RuntimeScope scope, const char *root_dir, char **
         else
                 assert_not_reached();
 
-        return conf_files_list_strv(files, ".preset", root_dir, 0, dirs);
+        return conf_files_list_strv(files, ".preset", root_dir,
+                                    CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                    dirs);
 }
 
 static int read_presets(RuntimeScope scope, const char *root_dir, UnitFilePresets *presets) {

diff --git a/src/udev/udevadm-util.c b/src/udev/udevadm-util.c
index 7952d1dc149c156e1557cea038a014bd5d71f75c..bc0877405b68378b0193cea7e519b8b28cdccf18 100644 (file)
--- a/src/udev/udevadm-util.c
+++ b/src/udev/udevadm-util.c
@@ -282,7 +282,9 @@ static int search_rules_file(const char *s, const char *root, char ***files) {
         if (r == -EISDIR) {
                 _cleanup_strv_free_ char **files_in_dir = NULL;
 
-                r = conf_files_list_strv(&files_in_dir, ".rules", root, 0, (const char* const*) STRV_MAKE_CONST(s));
+                r = conf_files_list_strv(&files_in_dir, ".rules", root,
+                                         CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                         STRV_MAKE_CONST(s));
                 if (r < 0)
                         return log_error_errno(r, "Failed to enumerate rules files in '%s': %m", resolved);
 
@@ -309,7 +311,9 @@ int search_rules_files(char * const *a, const char *root, char ***ret) {
         assert(ret);
 
         if (strv_isempty(a)) {
-                r = conf_files_list_strv(&files, ".rules", root, 0, (const char* const*) CONF_PATHS_STRV("udev/rules.d"));
+                r = conf_files_list_strv(&files, ".rules", root,
+                                         CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                         (const char* const*) CONF_PATHS_STRV("udev/rules.d"));
                 if (r < 0)
                         return log_error_errno(r, "Failed to enumerate rules files: %m");
 

diff --git a/test/units/TEST-17-UDEV.verify.sh b/test/units/TEST-17-UDEV.verify.sh
index f9ec6612b44a8ccc73279ce6930ced5d6cfff591..6dd8f3ed3ebd0d4e59cd09cae9736e195b97ff11 100755 (executable)
--- a/test/units/TEST-17-UDEV.verify.sh
+++ b/test/units/TEST-17-UDEV.verify.sh
@@ -130,9 +130,9 @@ assert_1 --root="${workdir}"
 cp "${workdir}/output_0_files" "${exo}"
 assert_0 "${rules_dir}"
 
-# Directory with a loop.
+# Directory with an invalid loop.
 ln -s . "${rules_dir}/loop.rules"
-assert_1 "${rules_dir}"
+assert_0 "${rules_dir}"
 rm "${rules_dir}/loop.rules"
 
 # Empty rules.