udev: check that passed symbolic link path starts with /dev

author Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 2 Jun 2021 10:25:53 +0000 (19:25 +0900)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 2 Jun 2021 12:00:22 +0000 (21:00 +0900)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 2 Jun 2021 10:25:53 +0000 (19:25 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 2 Jun 2021 12:00:22 +0000 (21:00 +0900)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c

index 5dc205e36406e3afa29669c47b2d1c06b1977d93..422f6028ade04f0e9af6292cef0d108a10d5741c 100644 (file)
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -228,18 +228,23 @@ static size_t escape_path(const char *src, char *dest, size_t size) {
  /* manage "stack of names" with possibly specified device priorities */
  static int link_update(sd_device *dev, const char *slink, bool add) {
          _cleanup_free_ char *filename = NULL, *dirname = NULL;
+        const char *slink_name, *id;
          char name_enc[PATH_MAX];
-        const char *id;
          int i, r, retries;
  
          assert(dev);
          assert(slink);
  
+        slink_name = path_startswith(slink, "/dev");
+        if (!slink_name)
+                return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL),
+                                              "Invalid symbolic link of device node: %s", slink);
+
          r = device_get_device_id(dev, &id);
          if (r < 0)
                  return log_device_debug_errno(dev, r, "Failed to get device id: %m");
  
-        escape_path(slink + STRLEN("/dev"), name_enc, sizeof(name_enc));
+        escape_path(slink_name, name_enc, sizeof(name_enc));
          dirname = path_join("/run/udev/links/", name_enc);
          if (!dirname)
                  return log_oom();
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 2 Jun 2021 10:25:53 +0000 (19:25 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 2 Jun 2021 12:00:22 +0000 (21:00 +0900)