From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 3 Aug 2024 05:25:16 +0000 (+0900)
Subject: core: refuse credentials with invalid names matching with glob
X-Git-Tag: v257-rc1~751^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F33916%2Fhead;p=thirdparty%2Fsystemd.git

core: refuse credentials with invalid names matching with glob

Even if the glob pattern is valid, the pattern may match credentials
with invalid names. So, we need to check the names of the found
credentials.

Follow-up for 947c4d3952e30604b97f657dca08f93a0a8f4bae.
---

diff --git a/src/core/exec-credential.c b/src/core/exec-credential.c
index e1b09f67189..45cb7f5ce22 100644
--- a/src/core/exec-credential.c
+++ b/src/core/exec-credential.c
@@ -502,6 +502,11 @@ static int load_credential_glob(
                                 free_and_replace(fn, renamed);
                         }
 
+                        if (!credential_name_valid(fn)) {
+                                log_debug("Skipping credential with invalid name: %s", fn);
+                                continue;
+                        }
+
                         if (faccessat(write_dfd, fn, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) {
                                 log_debug("Skipping credential with duplicated ID %s at %s", fn, *p);
                                 continue;
diff --git a/test/units/TEST-54-CREDS.sh b/test/units/TEST-54-CREDS.sh
index f0e69328258..29b789d3616 100755
--- a/test/units/TEST-54-CREDS.sh
+++ b/test/units/TEST-54-CREDS.sh
@@ -279,6 +279,24 @@ echo -n ignored >/run/credstore/test.creds.second
 mkdir -p /etc/credstore
 echo -n b >/etc/credstore/test.creds.second
 echo -n c >/etc/credstore/test.creds.third
+# Credential name cannot contain ':'
+echo -n hoge >/etc/credstore/test.creds.hoge:invalid
+
+# Check if credentials with invalid names are not imported.
+systemd-run -p "ImportCredential=test.creds.*" \
+            --unit=test-54-ImportCredential.service \
+            -p DynamicUser=1 \
+            --wait \
+            --pipe \
+            test ! -e '${CREDENTIALS_DIRECTORY}/test.creds.hoge:invalid'
+
+# Check if credentials with invalid names are not imported (with renaming).
+systemd-run -p "ImportCredentialEx=test.creds.*:renamed.creds." \
+            --unit=test-54-ImportCredential.service \
+            -p DynamicUser=1 \
+            --wait \
+            --pipe \
+            test ! -e '${CREDENTIALS_DIRECTORY}/renamed.creds.hoge:invalid'
 
 # Check that all valid credentials are imported.
 systemd-run -p "ImportCredential=test.creds.*" \