From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 6 Oct 2021 15:04:16 +0000 (+0200)
Subject: cgroups-show: validate specified hostname before including it in fs path
X-Git-Tag: v250-rc1~555^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=40d4320deae38db40e0c728cd07b0d7c1bb95606;p=thirdparty%2Fsystemd.git

cgroups-show: validate specified hostname before including it in fs path

let's make sure the specified hostname is really valid before we build
an fs path from it. Just as a safety future, so that people can't trick
us with hostnames including "/../" or so.
---

diff --git a/src/shared/cgroup-show.c b/src/shared/cgroup-show.c
index bdc35492d03..4c0bb49108b 100644
--- a/src/shared/cgroup-show.c
+++ b/src/shared/cgroup-show.c
@@ -14,6 +14,7 @@
 #include "env-file.h"
 #include "fd-util.h"
 #include "format-util.h"
+#include "hostname-util.h"
 #include "locale-util.h"
 #include "macro.h"
 #include "output-mode.h"
@@ -355,14 +356,17 @@ int show_cgroup_get_path_and_warn(
                 const char *prefix,
                 char **ret) {
 
-        int r;
         _cleanup_free_ char *root = NULL;
+        int r;
 
         if (machine) {
                 _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
                 _cleanup_free_ char *unit = NULL;
                 const char *m;
 
+                if (!hostname_is_valid(machine, 0))
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Machine name is not valid: %s", machine);
+
                 m = strjoina("/run/systemd/machines/", machine);
                 r = parse_env_file(NULL, m, "SCOPE", &unit);
                 if (r < 0)