fileio: add additional safety checks

Let's protect against attempts to create temporary files above the root
dir, as that makes little sense.

Let's better be safe than sorry.

diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index 6b0bad5b714ec6bbd3eb616f5802461b0b3c6d4f..9ff9118031da85fc81f6b49757afa7c30fc25603 100644 (file)
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -1225,9 +1225,13 @@ int tempfn_xxxxxx(const char *p, const char *extra, char **ret) {
         const char *fn;
         char *t;
 
-        assert(p);
         assert(ret);
 
+        if (isempty(p))
+                return -EINVAL;
+        if (path_equal(p, "/"))
+                return -EINVAL;
+
         /*
          * Turns this:
          *         /foo/bar/waldo
@@ -1258,9 +1262,13 @@ int tempfn_random(const char *p, const char *extra, char **ret) {
         uint64_t u;
         unsigned i;
 
-        assert(p);
         assert(ret);
 
+        if (isempty(p))
+                return -EINVAL;
+        if (path_equal(p, "/"))
+                return -EINVAL;
+
         /*
          * Turns this:
          *         /foo/bar/waldo
@@ -1311,7 +1319,8 @@ int tempfn_random_child(const char *p, const char *extra, char **ret) {
                 r = tmp_dir(&p);
                 if (r < 0)
                         return r;
-        }
+        } else if (isempty(p))
+                return -EINVAL;
 
         extra = strempty(extra);
 
@@ -1404,7 +1413,8 @@ int open_tmpfile_unlinkable(const char *directory, int flags) {
                 r = tmp_dir(&directory);
                 if (r < 0)
                         return r;
-        }
+        } else if (isempty(directory))
+                return -EINVAL;
 
         /* Returns an unlinked temporary file that cannot be linked into the file system anymore */