From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 17 Apr 2022 04:07:38 +0000 (+0900)
Subject: sd-device: verify new syspath on renaming
X-Git-Tag: v251-rc2~108^2~9
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ff58f2ae2a981bf106ed438887f989b1edd08174;p=thirdparty%2Fsystemd.git

sd-device: verify new syspath on renaming
---

diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c
index de12ad7e00a..90dcd3a857f 100644
--- a/src/libsystemd/sd-device/device-private.c
+++ b/src/libsystemd/sd-device/device-private.c
@@ -747,20 +747,28 @@ int device_new_from_watch_handle_at(sd_device **ret, int dirfd, int wd) {
 }
 
 int device_rename(sd_device *device, const char *name) {
-        _cleanup_free_ char *dirname = NULL;
-        const char *new_syspath, *interface;
+        _cleanup_free_ char *new_syspath = NULL;
+        const char *interface;
         int r;
 
         assert(device);
         assert(name);
 
-        dirname = dirname_malloc(device->syspath);
-        if (!dirname)
+        if (!filename_is_valid(name))
+                return -EINVAL;
+
+        r = path_extract_directory(device->syspath, &new_syspath);
+        if (r < 0)
+                return r;
+
+        if (!path_extend(&new_syspath, name))
                 return -ENOMEM;
 
-        new_syspath = prefix_roota(dirname, name);
+        if (!path_is_safe(new_syspath))
+                return -EINVAL;
 
-        /* the user must trust that the new name is correct */
+        /* At the time this is called, the renamed device may not exist yet. Hence, we cannot validate
+         * the new syspath. */
         r = device_set_syspath(device, new_syspath, false);
         if (r < 0)
                 return r;