From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 Feb 2024 10:47:34 +0000 (+0100)
Subject: importd: tighten checks in fds passed to us
X-Git-Tag: v256-rc1~671^2~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3c892b41fd73fa653729c2abd4084ccecee7c20;p=thirdparty%2Fsystemd.git

importd: tighten checks in fds passed to us
---

diff --git a/src/import/importd.c b/src/import/importd.c
index 47dfb2dfafc..0f6bf71419e 100644
--- a/src/import/importd.c
+++ b/src/import/importd.c
@@ -761,6 +761,10 @@ static int method_import_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_
                 SET_FLAG(flags, IMPORT_READ_ONLY, read_only);
         }
 
+        r = fd_verify_safe_flags(fd);
+        if (r < 0)
+                return r;
+
         if (fstat(fd, &st) < 0)
                 return -errno;
 
@@ -858,6 +862,10 @@ static int method_import_fs(sd_bus_message *msg, void *userdata, sd_bus_error *e
                 SET_FLAG(flags, IMPORT_READ_ONLY, read_only);
         }
 
+        r = fd_verify_safe_flags(fd);
+        if (r < 0)
+                return r;
+
         r = fd_verify_directory(fd);
         if (r < 0)
                 return r;
@@ -951,6 +959,10 @@ static int method_export_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_
                 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
                                          "Local name %s is invalid", local);
 
+        r = fd_verify_safe_flags(fd);
+        if (r < 0)
+                return r;
+
         if (fstat(fd, &st) < 0)
                 return -errno;