From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 31 Mar 2022 09:03:06 +0000 (+0200)
Subject: veritysetup: do some superficial checking on volume name
X-Git-Tag: v251-rc2~236^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9959d7828010d2a26de95509309587162770960d;p=thirdparty%2Fsystemd.git

veritysetup: do some superficial checking on volume name

cryptsetup does this too, so let's better be safe here, too.
---

diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c
index 3551ed4f3a6..a81e93cb756 100644
--- a/src/veritysetup/veritysetup.c
+++ b/src/veritysetup/veritysetup.c
@@ -146,6 +146,9 @@ static int run(int argc, char *argv[]) {
                 root_hash = argv[5];
                 options = mangle_none(argc > 6 ? argv[6] : NULL);
 
+                if (!filename_is_valid(volume))
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
+
                 r = unhexmem(root_hash, SIZE_MAX, &m, &l);
                 if (r < 0)
                         return log_error_errno(r, "Failed to parse root hash: %m");
@@ -210,6 +213,9 @@ static int run(int argc, char *argv[]) {
 
                 volume = argv[2];
 
+                if (!filename_is_valid(volume))
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
+
                 r = crypt_init_by_name(&cd, volume);
                 if (r == -ENODEV) {
                         log_info("Volume %s already inactive.", volume);