From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 7 Mar 2019 09:53:23 +0000 (+0100)
Subject: user-util: be more strict when reading $HOME and $SHELL
X-Git-Tag: v242-rc1~155^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d575f88bbe5bedfdb90cdef2d0aef7df63595ae1;p=thirdparty%2Fsystemd.git

user-util: be more strict when reading $HOME and $SHELL
---

diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index 4cf4c5a3414..47d6763f1c9 100644
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -458,7 +458,7 @@ int get_home_dir(char **_h) {
 
         /* Take the user specified one */
         e = secure_getenv("HOME");
-        if (e && path_is_absolute(e)) {
+        if (e && path_is_valid(e) && path_is_absolute(e)) {
                 h = strdup(e);
                 if (!h)
                         return -ENOMEM;
@@ -493,7 +493,8 @@ int get_home_dir(char **_h) {
         if (!p)
                 return errno > 0 ? -errno : -ESRCH;
 
-        if (!path_is_absolute(p->pw_dir))
+        if (!path_is_valid(p->pw_dir) ||
+            !path_is_absolute(p->pw_dir))
                 return -EINVAL;
 
         h = strdup(p->pw_dir);
@@ -514,7 +515,7 @@ int get_shell(char **_s) {
 
         /* Take the user specified one */
         e = getenv("SHELL");
-        if (e) {
+        if (e && path_is_valid(e) && path_is_absolute(e)) {
                 s = strdup(e);
                 if (!s)
                         return -ENOMEM;
@@ -549,7 +550,8 @@ int get_shell(char **_s) {
         if (!p)
                 return errno > 0 ? -errno : -ESRCH;
 
-        if (!path_is_absolute(p->pw_shell))
+        if (!path_is_valid(p->pw_shell) ||
+            !path_is_absolute(p->pw_shell))
                 return -EINVAL;
 
         s = strdup(p->pw_shell);