bootspec: validate bootpsec entry ids before we use them

author Lennart Poettering <lennart@poettering.net>

Mon, 4 Mar 2019 18:19:30 +0000 (19:19 +0100)

committer Lennart Poettering <lennart@poettering.net>

Tue, 5 Mar 2019 15:50:58 +0000 (16:50 +0100)
author Lennart Poettering <lennart@poettering.net>
Mon, 4 Mar 2019 18:19:30 +0000 (19:19 +0100)
committer Lennart Poettering <lennart@poettering.net>
Tue, 5 Mar 2019 15:50:58 +0000 (16:50 +0100)
diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c

index 03f86297354c7d9ab46313feedea4118b8fe10a1..39a7a97b1286dbb77f4ffb240568c94669ec5a55 100644 (file)
--- a/src/shared/bootspec.c
+++ b/src/shared/bootspec.c
@@ -66,13 +66,16 @@ static int boot_entry_load(
  
          c = endswith_no_case(path, ".conf");
          if (!c)
-                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry filename: %s", path);
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry file suffix: %s", path);
  
          b = basename(path);
          tmp.id = strndup(b, c - b);
          if (!tmp.id)
                  return log_oom();
  
+        if (!efi_loader_entry_name_valid(tmp.id))
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry filename: %s", path);
+
          tmp.path = strdup(path);
          if (!tmp.path)
                  return log_oom();
@@ -310,6 +313,9 @@ static int boot_entry_load_unified(
          if (!tmp.id)
                  return log_oom();
  
+        if (!efi_loader_entry_name_valid(tmp.id))
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry: %s", tmp.id);
+
          tmp.path = strdup(path);
          if (!tmp.path)
                  return log_oom();
author	Lennart Poettering <lennart@poettering.net>
	Mon, 4 Mar 2019 18:19:30 +0000 (19:19 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Tue, 5 Mar 2019 15:50:58 +0000 (16:50 +0100)