core: disallow using '-.service' as a service name

author Anita Zhang <the.anitazha@gmail.com>

Fri, 4 Oct 2019 23:03:04 +0000 (16:03 -0700)

committer Anita Zhang <the.anitazha@gmail.com>

Mon, 7 Oct 2019 19:02:12 +0000 (12:02 -0700)
author Anita Zhang <the.anitazha@gmail.com>
Fri, 4 Oct 2019 23:03:04 +0000 (16:03 -0700)
committer Anita Zhang <the.anitazha@gmail.com>
Mon, 7 Oct 2019 19:02:12 +0000 (12:02 -0700)
diff --git a/src/basic/special.h b/src/basic/special.h

index add1c1d507e87fae81056934c597619c97d69267..6475501078a381b9e3537089b91eecb05d554596 100644 (file)
--- a/src/basic/special.h
+++ b/src/basic/special.h
@@ -105,3 +105,7 @@
  
  /* The root directory. */
  #define SPECIAL_ROOT_MOUNT "-.mount"
+
+/* Used to apply settings to all services through drop-ins.
+ * Should not exist as an actual service. */
+#define SPECIAL_ROOT_SERVICE "-.service"
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c

index 4226f3014d5c24c9dcadc0ac943c1ad3e8e699eb..ecbf5ae7f5de3da2e339d3ca984257e17d3e5961 100644 (file)
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -665,6 +665,31 @@ good:
          return 0;
  }
  
+bool service_unit_name_is_valid(const char *name) {
+        _cleanup_free_ char *prefix = NULL, *s = NULL;
+        const char *e, *service_name = name;
+
+        if (!unit_name_is_valid(name, UNIT_NAME_ANY))
+                return false;
+
+        e = endswith(name, ".service");
+        if (!e)
+                return false;
+
+        /* If it's a template or instance, get the prefix as a service name. */
+        if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
+                assert_se(unit_name_to_prefix(name, &prefix) == 0);
+                assert_se(s = strjoin(prefix, ".service"));
+                service_name = s;
+        }
+
+        /* Reject reserved service name(s). */
+        if (streq(service_name, SPECIAL_ROOT_SERVICE))
+                return false;
+
+        return true;
+}
+
  int slice_build_parent_slice(const char *slice, char **ret) {
          char *s, *dash;
          int r;
diff --git a/src/basic/unit-name.h b/src/basic/unit-name.h

index 2e060ff3e830e2d387d7a7c13751a8a997695fa4..ddcfc1b34986487ead30b6ec745859934c113bc5 100644 (file)
--- a/src/basic/unit-name.h
+++ b/src/basic/unit-name.h
@@ -58,6 +58,8 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char
          return unit_name_mangle_with_suffix(name, flags, ".service", ret);
  }
  
+bool service_unit_name_is_valid(const char *name);
+
  int slice_build_parent_slice(const char *slice, char **ret);
  int slice_build_subslice(const char *slice, const char *name, char **subslice);
  bool slice_name_is_valid(const char *name);
diff --git a/src/core/service.c b/src/core/service.c

index ada25e634a063f5c169968f134456590948863e8..6880b24535b1686fd4193723323e6afa12d40f80 100644 (file)
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -552,6 +552,11 @@ static int service_verify(Service *s) {
          if (UNIT(s)->load_state != UNIT_LOADED)
                  return 0;
  
+        if (!service_unit_name_is_valid(UNIT(s)->id)) {
+                log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
+                return -ENOEXEC;
+        }
+
          if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
              && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
                  /* FailureAction= only makes sense if one of the start or stop commands is specified.
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c

index 25c649828ef1634800e95cee7fcfee947d3c570e..aa072c4ca8220d0b58fa4dc3e9e8fe415f27a622 100644 (file)
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -355,6 +355,24 @@ static void test_unit_name_build(void) {
          free(t);
  }
  
+static void test_service_unit_name_is_valid(void) {
+        assert_se(service_unit_name_is_valid("foo.service"));
+        assert_se(service_unit_name_is_valid("foo@bar.service"));
+        assert_se(service_unit_name_is_valid("foo@bar@bar.service"));
+        assert_se(service_unit_name_is_valid("--.service"));
+        assert_se(service_unit_name_is_valid(".-.service"));
+        assert_se(service_unit_name_is_valid("-foo-bar.service"));
+        assert_se(service_unit_name_is_valid("-foo-bar-.service"));
+        assert_se(service_unit_name_is_valid("foo-bar-.service"));
+
+        assert_se(!service_unit_name_is_valid("-.service"));
+        assert_se(!service_unit_name_is_valid(""));
+        assert_se(!service_unit_name_is_valid("foo.slice"));
+        assert_se(!service_unit_name_is_valid("@.service"));
+        assert_se(!service_unit_name_is_valid("@bar.service"));
+        assert_se(!service_unit_name_is_valid("-@.service"));
+}
+
  static void test_slice_name_is_valid(void) {
          assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE));
          assert_se( slice_name_is_valid("foo.slice"));
@@ -840,6 +858,7 @@ int main(int argc, char* argv[]) {
          test_unit_prefix_is_valid();
          test_unit_name_change_suffix();
          test_unit_name_build();
+        test_service_unit_name_is_valid();
          test_slice_name_is_valid();
          test_build_subslice();
          test_build_parent_slice();
author	Anita Zhang <the.anitazha@gmail.com>
	Fri, 4 Oct 2019 23:03:04 +0000 (16:03 -0700)
committer	Anita Zhang <the.anitazha@gmail.com>
	Mon, 7 Oct 2019 19:02:12 +0000 (12:02 -0700)
src/basic/special.h		patch \| blob \| blame \| history
src/basic/unit-name.c		patch \| blob \| blame \| history
src/basic/unit-name.h		patch \| blob \| blame \| history
src/core/service.c		patch \| blob \| blame \| history
src/test/test-unit-name.c		patch \| blob \| blame \| history