From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 4 Mar 2019 18:19:30 +0000 (+0100)
Subject: bootspec: validate bootpsec entry ids before we use them
X-Git-Tag: v242-rc1~192^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eed7210a5c13299364cddf3600c2e76d4889ab36;p=thirdparty%2Fsystemd.git

bootspec: validate bootpsec entry ids before we use them
---

diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c
index 03f86297354..39a7a97b128 100644
--- a/src/shared/bootspec.c
+++ b/src/shared/bootspec.c
@@ -66,13 +66,16 @@ static int boot_entry_load(
 
         c = endswith_no_case(path, ".conf");
         if (!c)
-                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry filename: %s", path);
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry file suffix: %s", path);
 
         b = basename(path);
         tmp.id = strndup(b, c - b);
         if (!tmp.id)
                 return log_oom();
 
+        if (!efi_loader_entry_name_valid(tmp.id))
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry filename: %s", path);
+
         tmp.path = strdup(path);
         if (!tmp.path)
                 return log_oom();
@@ -310,6 +313,9 @@ static int boot_entry_load_unified(
         if (!tmp.id)
                 return log_oom();
 
+        if (!efi_loader_entry_name_valid(tmp.id))
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid loader entry: %s", tmp.id);
+
         tmp.path = strdup(path);
         if (!tmp.path)
                 return log_oom();