]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
cgroups-show: validate specified hostname before including it in fs path
authorLennart Poettering <lennart@poettering.net>
Wed, 6 Oct 2021 15:04:16 +0000 (17:04 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 7 Oct 2021 09:49:57 +0000 (11:49 +0200)
let's make sure the specified hostname is really valid before we build
an fs path from it. Just as a safety future, so that people can't trick
us with hostnames including "/../" or so.

src/shared/cgroup-show.c

index bdc35492d03e60c56aac196ebca70fef04bcc5a3..4c0bb49108b2c9a7b0165818140d5e463fcc5b84 100644 (file)
@@ -14,6 +14,7 @@
 #include "env-file.h"
 #include "fd-util.h"
 #include "format-util.h"
+#include "hostname-util.h"
 #include "locale-util.h"
 #include "macro.h"
 #include "output-mode.h"
@@ -355,14 +356,17 @@ int show_cgroup_get_path_and_warn(
                 const char *prefix,
                 char **ret) {
 
-        int r;
         _cleanup_free_ char *root = NULL;
+        int r;
 
         if (machine) {
                 _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
                 _cleanup_free_ char *unit = NULL;
                 const char *m;
 
+                if (!hostname_is_valid(machine, 0))
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Machine name is not valid: %s", machine);
+
                 m = strjoina("/run/systemd/machines/", machine);
                 r = parse_env_file(NULL, m, "SCOPE", &unit);
                 if (r < 0)