From: Lennart Poettering
Date: Tue, 14 Sep 2021 21:19:38 +0000 (+0200)
Subject: sysctl-util: rework sysctl_write() to wrap write_string_file()
X-Git-Tag: v250-rc1~666^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=13239c86e01b4d96ca08b321ffc01a30905d46ce;p=thirdparty%2Fsystemd.git
sysctl-util: rework sysctl_write() to wrap write_string_file()
The sysctl_write_ip_property() call already uses write_string_file(), so let's do so here, too, to make the codepaths more uniform. While we are at it, let's also validate the passed path a bit, since we shouldn't allow sysctls with /../ or such in the name. Hence simplify the path first, and then check if it is normalized, and refuse if not.
---
diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c
index 8913e6ff85b..60eec3dfec1 100644
--- a/src/basic/sysctl-util.c
+++ b/src/basic/sysctl-util.c
@@ -44,25 +44,19 @@ char *sysctl_normalize(char *s) {
 int sysctl_write(const char *property, const char *value) {
 char *p;
- _cleanup_close_ int fd = -1;
 assert(property);
 assert(value);
- log_debug("Setting '%s' to '%.*s'.", property, (int) strcspn(value, NEWLINE), value);
-
 p = strjoina("/proc/sys/", property);
- fd = open(p, O_WRONLY|O_CLOEXEC);
- if (fd < 0)
- return -errno;
- if (!endswith(value, "\n"))
- value = strjoina(value, "\n");
+ path_simplify(p);
+ if (!path_is_normalized(p))
+ return -EINVAL;
- if (write(fd, value, strlen(value)) < 0)
- return -errno;
+ log_debug("Setting '%s' to '%s'", p, value);
- return 0;
+ return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER);
 }
 int sysctl_writef(const char *property, const char *format, ...) {
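Review bot: The new `log_debug()` in sysctl_write() prints `value` in full, whereas the removed call cut it at the first newline with `%.*s` and `strcspn(value, NEWLINE)`. A value that arrives with a trailing or embedded newline now spills into the debug log as extra lines, which makes entries harder to read and lets configuration-supplied text shape log output. Keeping the truncation would avoid that: `log_debug("Setting '%s' to '%.*s'", p, (int) strcspn(value, NEWLINE), value);`. The `-EINVAL` return is also a new failure mode for callers, so the check deserves a short comment such as `/* Refuse ".." and similar components so the write cannot leave /proc/sys/ */`. The check appears to be purely lexical, so the comment should not promise more than that.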