git.ipfire.org Git - thirdparty/systemd.git/commit
string-util: beef up string_is_safe()
This tightens the checks of string_is_safe() and then adds flags to
relax certain aspects of it.
This does alter the rules on certain strings we pass a bit. We mostly
tighten the rules (but I think it's fine and good) but we relax them on
others.
I let claude review the changes in behaviour for the various call sites
that I made. It summarized things in this table:
╭───────────────────────────────────────────────────┬──────────────────────────────────────────────╮
│ CALL SITE │ EFFECTIVE DELTA │
├───────────────────────────────────────────────────┼──────────────────────────────────────────────┤
│ src/basic/syslog-util log_namespace_name_valid │ +UTF-8 required (globs already blocked) │
│ src/bootctl --efi-boot-option-description │ RELAXED: '\' and quotes now permitted │
│ src/core/dbus-manager pretimeout governor │ +UTF-8, +no-globs │
│ src/core/load-fragment ExecStart= path │ +UTF-8, +no-globs │
│ src/core/main pretimeout governor (kcmdline) │ +UTF-8, +no-globs │
│ src/core/service sd_notify STATUS= │ +no-globs (ASCII-only preserved) │
│ src/home/homectl --<identity field>= │ empty now REJECTED; +UTF-8 │
│ src/libsystemd-network dhcp_option_parse_string │ (equivalent, just explicit) │
│ src/libsystemd-network sd_dhcp_server boot_fname │ ""→NULL coerced; else equivalent │
│ src/libsystemd/journal SYSLOG_IDENTIFIER fb │ +UTF-8, +no-globs │
│ src/libsystemd/sd-json SD_JSON_STRICT strings │ +UTF-8 required │
│ src/login/logind session desktop= │ +UTF-8 required │
│ src/pcrlock EFI variable string │ +UTF-8 │
│ src/pcrlock EFI action string │ RELAXED: empty + '\' now ok; +UTF-8 │
│ src/resolve dns-delegate id (from filename) │ +UTF-8, +no-globs │
│ src/shared/boot-entry boot_entry_token_valid │ (equivalent) │
│ src/shared/conf-parser section header │ +UTF-8, +no-globs │
│ src/shared/conf-parser CONFIG_PARSE_STRING_SAFE │ +UTF-8 required │
│ src/shared/kbd-util keymap_is_valid │ (equivalent; folded into STRING_FILENAME) │
│ src/shared/tpm2 nvpcr name │ +UTF-8 required │
│ src/shared/vconsole x11 layout/model/variant/opt │ +UTF-8, +no-globs │
│ src/systemctl --kernel-cmdline= │ +0x7f DEL rejected; empty path split out │
│ src/veritysetup salt= │ RELAXED: safety check removed entirely │
│ src/vmspawn --ssh-key-type= │ +UTF-8 required │
╰───────────────────────────────────────────────────┴──────────────────────────────────────────────╯
26 files changed: