From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 25 May 2021 15:25:40 +0000 (+0200)
Subject: load-fragment: validate paths properly
X-Git-Tag: v249-rc1~154
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=108144adea838b281fe1f60dfa75542fe4c82d4b;p=thirdparty%2Fsystemd.git

load-fragment: validate paths properly

The comment suggests we validate paths here, but we actually didn't, we
only validated filenames. Let' fix that.

(Note this still lets any kind of paths through, including those with
".." and stuff, this is not a normalization check after all)
---

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 72378a40827..ff6eaf32ef6 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -789,7 +789,7 @@ int config_parse_exec(
                         return ignore ? 0 : -ENOEXEC;
                 }
 
-                if (!path_is_absolute(path) && !filename_is_valid(path)) {
+                if (!(path_is_absolute(path) ? path_is_valid(path) : filename_is_valid(path))) {
                         log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
                                    "Neither a valid executable name nor an absolute path%s: %s",
                                    ignore ? ", ignoring" : "", path);