From: Lennart Poettering Date: Thu, 22 Jan 2026 21:50:43 +0000 (+0100) Subject: hostnamed: after unescaping fancy name, validate it's valid UTF-8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa41ce11421589f80a7275571bffa9f0d03dbb98;p=thirdparty%2Fsystemd.git hostnamed: after unescaping fancy name, validate it's valid UTF-8 The fancy name could contain arbitrary bytes, in escaped fashion. Before using it, let's validate that this contains only valid UTF-8. (Note that D-Bus might kick us off the bus if we don't ensure everything we send around is UTF-8). (While we are at it, do the same in PID 1, even though it's not that important there) Addresses this issue found by @YHNdnzj: https://github.com/systemd/systemd/pull/40367#discussion_r2714614301 Follow-up for: #40367 --- diff --git a/src/core/main.c b/src/core/main.c index 0e5e201f2dd..687b397e621 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1422,6 +1422,9 @@ static int os_release_status(void) { if (l < 0) { log_debug_errno(l, "Failed to unescape FANCY_NAME=, ignoring: %m"); fancy_name = mfree(fancy_name); + } else if (!utf8_is_valid(fancy_name)) { + log_debug("Unescaped FANCY_NAME= contains invalid UTF-8, ignoring."); + fancy_name = mfree(fancy_name); } else { free_and_replace(fancy_name, unescaped); diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index d2461981af2..fc1bab0f751 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -238,6 +238,9 @@ static void context_read_os_release(Context *c) { if (l < 0) { log_warning_errno(l, "Failed to unescape fancy OS name, ignoring: %m"); os_fancy_name = mfree(os_fancy_name); + } else if (!utf8_is_valid(unescaped)) { + log_warning("Unescaped fancy OS name contains invalid UTF-8, ignoring."); + os_fancy_name = mfree(os_fancy_name); } else free_and_replace(os_fancy_name, unescaped); }