From: Daan De Meyer Date: Wed, 25 Mar 2026 14:16:55 +0000 (+0100) Subject: vmspawn: Fix --tpm-state= parsing X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5442fbfb07883870dababb1252609dcf173f8ece;p=thirdparty%2Fsystemd.git vmspawn: Fix --tpm-state= parsing path_startswith() considers "no" and "./no" equal. Use startswith() to avoid that. --- diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c index b017ce85b62..a197132c043 100644 --- a/src/vmspawn/vmspawn.c +++ b/src/vmspawn/vmspawn.c @@ -746,43 +746,49 @@ static int parse_argv(int argc, char *argv[]) { break; case ARG_TPM_STATE: - if (path_is_valid(optarg) && (path_is_absolute(optarg) || path_startswith(optarg, "./"))) { - r = parse_path_argument(optarg, /* suppress_root= */ false, &arg_tpm_state_path); - if (r < 0) - return r; - - arg_tpm_state_mode = STATE_PATH; - break; - } - r = isempty(optarg) ? false : streq(optarg, "auto") ? true : parse_boolean(optarg); + if (r >= 0) { + arg_tpm_state_mode = r ? STATE_AUTO : STATE_OFF; + arg_tpm_state_path = mfree(arg_tpm_state_path); + break; + } + + if (!path_is_valid(optarg)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid path in --tpm-state= parameter: %s", optarg); + + if (!path_is_absolute(optarg) && !startswith(optarg, "./")) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Path in --tpm-state= parameter must be absolute or start with './': %s", optarg); + + r = parse_path_argument(optarg, /* suppress_root= */ false, &arg_tpm_state_path); if (r < 0) - return log_error_errno(r, "Failed to parse --tpm-state= parameter: %s", optarg); + return r; - arg_tpm_state_mode = r ? STATE_AUTO : STATE_OFF; - arg_tpm_state_path = mfree(arg_tpm_state_path); + arg_tpm_state_mode = STATE_PATH; break; case ARG_EFI_NVRAM_STATE: - if (path_is_valid(optarg) && (path_is_absolute(optarg) || path_startswith(optarg, "./"))) { - r = parse_path_argument(optarg, /* suppress_root= */ false, &arg_efi_nvram_state_path); - if (r < 0) - return r; - - arg_efi_nvram_state_mode = STATE_PATH; - break; - } - r = isempty(optarg) ? false : streq(optarg, "auto") ? true : parse_boolean(optarg); + if (r >= 0) { + arg_efi_nvram_state_mode = r ? STATE_AUTO : STATE_OFF; + arg_efi_nvram_state_path = mfree(arg_efi_nvram_state_path); + break; + } + + if (!path_is_valid(optarg)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid path in --efi-nvram-state= parameter: %s", optarg); + + if (!path_is_absolute(optarg) && !startswith(optarg, "./")) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Path in --efi-nvram-state= parameter must be absolute or start with './': %s", optarg); + + r = parse_path_argument(optarg, /* suppress_root= */ false, &arg_efi_nvram_state_path); if (r < 0) - return log_error_errno(r, "Failed to parse --efi-nvram-state= parameter: %s", optarg); + return r; - arg_efi_nvram_state_mode = r ? STATE_AUTO : STATE_OFF; - arg_efi_nvram_state_path = mfree(arg_efi_nvram_state_path); + arg_efi_nvram_state_mode = STATE_PATH; break; case ARG_NO_ASK_PASSWORD: