From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 May 2025 13:23:00 +0000 (+0200)
Subject: bless-boot: switch from last_path_component() to path_find_last_component()
X-Git-Tag: v258-rc1~647^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a8372a9f1380d5e178accc3d5379dd2857da33a;p=thirdparty%2Fsystemd.git

bless-boot: switch from last_path_component() to path_find_last_component()

Using path_find_last_component() means special cases such as the root dir
and paths referencing dirs are detected and refused.
---

diff --git a/src/bless-boot/bless-boot.c b/src/bless-boot/bless-boot.c
index b3205dec363..c41a948549b 100644
--- a/src/bless-boot/bless-boot.c
+++ b/src/bless-boot/bless-boot.c
@@ -215,11 +215,9 @@ static int acquire_boot_count_path(
                 uint64_t *ret_done,
                 char **ret_suffix) {
 
-        _cleanup_free_ char *path = NULL, *prefix = NULL, *suffix = NULL;
-        const char *last, *e;
-        uint64_t left, done;
         int r;
 
+        _cleanup_free_ char *path = NULL;
         r = efi_get_variable_path(EFI_LOADER_VARIABLE_STR("LoaderBootCountPath"), &path);
         if (r == -ENOENT)
                 return -EUNATCH; /* in this case, let the caller print a message */
@@ -236,23 +234,34 @@ static int acquire_boot_count_path(
                                        "Path read from LoaderBootCountPath is not absolute, refusing: %s",
                                        path);
 
-        last = last_path_component(path);
-        e = strrchr(last, '+');
+        const char *last = NULL;
+        r = path_find_last_component(path, /* accept_dot_dot= */ false, /* next= */ NULL, &last);
+        if (r < 0)
+                return log_error_errno(r, "Failed to extract filename from LoaderBootCountPath '%s': %m", path);
+        if (r == 0)
+                return log_error_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL), "LoaderBootCountPath '%s' refers to the root directory: %m", path);
+        if (strlen(last) > (size_t) r)
+                return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "LoaderBootCountPath '%s' refers to directory path, refusing.", path);
+
+        const char *e = strrchr(last, '+');
         if (!e)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Path read from LoaderBootCountPath does not contain a counter, refusing: %s",
                                        path);
 
+        _cleanup_free_ char *prefix = NULL;
         if (ret_prefix) {
                 prefix = strndup(path, e - path);
                 if (!prefix)
                         return log_oom();
         }
 
+        uint64_t left, done;
         r = parse_counter(path, &e, &left, &done);
         if (r < 0)
                 return r;
 
+        _cleanup_free_ char *suffix = NULL;
         if (ret_suffix) {
                 suffix = strdup(e);
                 if (!suffix)