importd: tighten checks in fds passed to us

author Lennart Poettering <lennart@poettering.net>

Thu, 22 Feb 2024 10:47:34 +0000 (11:47 +0100)

committer Lennart Poettering <lennart@poettering.net>

Fri, 1 Mar 2024 21:25:42 +0000 (22:25 +0100)
author Lennart Poettering <lennart@poettering.net>
Thu, 22 Feb 2024 10:47:34 +0000 (11:47 +0100)
committer Lennart Poettering <lennart@poettering.net>
Fri, 1 Mar 2024 21:25:42 +0000 (22:25 +0100)
diff --git a/src/import/importd.c b/src/import/importd.c

index 47dfb2dfafce59114516ac8c175b46e5eda49e0e..0f6bf71419ed8de5ee5e8995686e3560bf1548b5 100644 (file)
--- a/src/import/importd.c
+++ b/src/import/importd.c
@@ -761,6 +761,10 @@ static int method_import_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_
                  SET_FLAG(flags, IMPORT_READ_ONLY, read_only);
          }
  
+        r = fd_verify_safe_flags(fd);
+        if (r < 0)
+                return r;
+
          if (fstat(fd, &st) < 0)
                  return -errno;
  
@@ -858,6 +862,10 @@ static int method_import_fs(sd_bus_message *msg, void *userdata, sd_bus_error *e
                  SET_FLAG(flags, IMPORT_READ_ONLY, read_only);
          }
  
+        r = fd_verify_safe_flags(fd);
+        if (r < 0)
+                return r;
+
          r = fd_verify_directory(fd);
          if (r < 0)
                  return r;
@@ -951,6 +959,10 @@ static int method_export_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_
                  return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
                                           "Local name %s is invalid", local);
  
+        r = fd_verify_safe_flags(fd);
+        if (r < 0)
+                return r;
+
          if (fstat(fd, &st) < 0)
                  return -errno;
author	Lennart Poettering <lennart@poettering.net>
	Thu, 22 Feb 2024 10:47:34 +0000 (11:47 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 1 Mar 2024 21:25:42 +0000 (22:25 +0100)