assert(spec);
if (*spec == '/') {
- if (!path_is_safe(spec))
+ if (!path_is_normalized(spec))
return -EINVAL;
if (path) {
return -ENOMEM;
}
- if (!path_is_safe(u) ||
+ if (!path_is_normalized(u) ||
!path_is_absolute(u)) {
free(t);
free(u);
r = -ENOTDIR;
goto next;
}
- if (!path_is_safe(e)) {
+ if (!path_is_normalized(e)) {
r = -EPERM;
goto next;
}
if (errno == ENOENT &&
(flags & CHASE_NONEXISTENT) &&
- (isempty(todo) || path_is_safe(todo))) {
+ (isempty(todo) || path_is_normalized(todo))) {
/* If CHASE_NONEXISTENT is set, and the path does not exist, then that's OK, return
* what we got so far. But don't allow this if the remaining path contains "../ or "./"
return true;
}
-bool path_is_safe(const char *p) {
+bool path_is_normalized(const char *p) {
if (isempty(p))
return false;
if (strlen(p)+1 > PATH_MAX)
return false;
- /* The following two checks are not really dangerous, but hey, they still are confusing */
if (startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
return false;
char* dirname_malloc(const char *path);
bool filename_is_valid(const char *p) _pure_;
-bool path_is_safe(const char *p) _pure_;
+bool path_is_normalized(const char *p) _pure_;
char *file_in_same_dir(const char *path, const char *filename);
if (STR_IN_SET(p, "/", ""))
s = strdup("-");
else {
- if (!path_is_safe(p))
+ if (!path_is_normalized(p))
return -EINVAL;
/* Truncate trailing slashes */
if (!s)
return -ENOMEM;
- if (!path_is_safe(s)) {
+ if (!path_is_normalized(s)) {
free(s);
return -EINVAL;
}
if (!path_is_absolute(p))
return false;
- if (!path_is_safe(p))
+ if (!path_is_normalized(p))
return false;
/* Colons are used as field separators, and hence not OK */
if (!path_is_absolute(s))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute", s);
- if (!path_is_safe(s))
+ if (!path_is_normalized(s))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not normalized", s);
if (mode != UNIT_CHECK) {
return r;
STRV_FOREACH(p, l) {
- if (!path_is_safe(*p) || path_is_absolute(*p))
+ if (!path_is_normalized(*p) || path_is_absolute(*p))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not valid: %s", name, *p);
}
return -EINVAL;
}
- if (!path_is_safe(resolved)) {
+ if (!path_is_normalized(resolved)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "file: requires a normalized path name: %s", resolved);
return -EINVAL;
}
return -EINVAL;
}
- if (!path_is_safe(resolved)) {
+ if (!path_is_normalized(resolved)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "file: requires a normalized path name, ignoring: %s", resolved);
return -EINVAL;
}
continue;
}
- if (!path_is_safe(k) || path_is_absolute(k)) {
+ if (!path_is_normalized(k) || path_is_absolute(k)) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"%s= path is not valid, ignoring assignment: %s", lvalue, rvalue);
continue;
path_kill_slashes(p);
- if (!path_is_safe(p)) {
+ if (!path_is_normalized(p)) {
free(p);
return -EPERM;
}
if (r < 0)
return r;
- if (!path_is_absolute(src) || !path_is_safe(src))
+ if (!path_is_absolute(src) || !path_is_normalized(src))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../.");
if (isempty(dest))
dest = src;
- else if (!path_is_absolute(dest) || !path_is_safe(dest))
+ else if (!path_is_absolute(dest) || !path_is_normalized(dest))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../.");
r = bus_verify_polkit_async(
return -EINVAL;
}
- if (!path_is_safe(where)) {
- log_error("Path contains unsafe components: %s", where);
+ if (!path_is_normalized(where)) {
+ log_error("Path contains non-normalized components: %s", where);
return -EINVAL;
}
goto finish;
}
- if (!path_is_safe(arg_mount_what)) {
- log_error("Path contains unsafe components: %s", arg_mount_what);
+ if (!path_is_normalized(arg_mount_what)) {
+ log_error("Path contains non-normalized components: %s", arg_mount_what);
r = -EINVAL;
goto finish;
}
goto finish;
}
- if (!path_is_safe(arg_mount_where)) {
- log_error("Path contains unsafe components: %s", arg_mount_where);
+ if (!path_is_normalized(arg_mount_where)) {
+ log_error("Path contains non-normalized components: %s", arg_mount_where);
r = -EINVAL;
goto finish;
}