diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-10-26 18:59:36 +0100 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-10-27 13:25:55 +0100 | 
| commit | bb15fafe9cd815fe5bf9eae84c08aead2eb98fd7 (patch) | |
| tree | 57955c8d8a47196e17d4a2d3963766ad59ef3735 /src | |
| parent | 4349cd7c1d153c4ffa23cf1cff1644e0afa9bcf0 (diff) | |
util: move filename_is_valid() and path_is_safe() to path-util.[ch]
Diffstat (limited to 'src')
| -rw-r--r-- | src/basic/locale-util.c | 1 | ||||
| -rw-r--r-- | src/basic/lockfile-util.c | 1 | ||||
| -rw-r--r-- | src/basic/path-util.c | 43 | ||||
| -rw-r--r-- | src/basic/path-util.h | 3 | ||||
| -rw-r--r-- | src/basic/util.c | 41 | ||||
| -rw-r--r-- | src/basic/util.h | 2 | ||||
| -rw-r--r-- | src/hostname/hostnamed.c | 1 | ||||
| -rw-r--r-- | src/import/pull-common.c | 1 | ||||
| -rw-r--r-- | src/libsystemd/sd-login/sd-login.c | 1 | ||||
| -rw-r--r-- | src/locale/localed.c | 19 | ||||
| -rw-r--r-- | src/shared/dropin.c | 1 | ||||
| -rw-r--r-- | src/shared/import-util.c | 3 | ||||
| -rw-r--r-- | src/test/test-util.c | 1 | 
13 files changed, 65 insertions, 53 deletions
| diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c index 44e1628664..ccbc147931 100644 --- a/src/basic/locale-util.c +++ b/src/basic/locale-util.c @@ -23,6 +23,7 @@  #include "fd-util.h"  #include "locale-util.h" +#include "path-util.h"  #include "set.h"  #include "string-util.h"  #include "strv.h" diff --git a/src/basic/lockfile-util.c b/src/basic/lockfile-util.c index e573dcb56f..6eee3009d8 100644 --- a/src/basic/lockfile-util.c +++ b/src/basic/lockfile-util.c @@ -30,6 +30,7 @@  #include "fd-util.h"  #include "fileio.h"  #include "lockfile-util.h" +#include "path-util.h"  #include "util.h"  int make_lock_file(const char *p, int operation, LockFile *ret) { diff --git a/src/basic/path-util.c b/src/basic/path-util.c index b1cab7356c..d581f85707 100644 --- a/src/basic/path-util.c +++ b/src/basic/path-util.c @@ -723,3 +723,46 @@ char* dirname_malloc(const char *path) {          return dir2;  } + +bool filename_is_valid(const char *p) { +        const char *e; + +        if (isempty(p)) +                return false; + +        if (streq(p, ".")) +                return false; + +        if (streq(p, "..")) +                return false; + +        e = strchrnul(p, '/'); +        if (*e != 0) +                return false; + +        if (e - p > FILENAME_MAX) +                return false; + +        return true; +} + +bool path_is_safe(const char *p) { + +        if (isempty(p)) +                return false; + +        if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../")) +                return false; + +        if (strlen(p)+1 > PATH_MAX) +                return false; + +        /* The following two checks are not really dangerous, but hey, they still are confusing */ +        if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./")) +                return false; + +        if (strstr(p, "//")) +                return false; + +        return true; +} diff --git a/src/basic/path-util.h b/src/basic/path-util.h index 1ff47ab193..b2acca05fe 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -102,3 +102,6 @@ char *prefix_root(const char *root, const char *path);  int parse_path_argument_and_warn(const char *path, bool suppress_root, char **arg);  char* dirname_malloc(const char *path); + +bool filename_is_valid(const char *p) _pure_; +bool path_is_safe(const char *p) _pure_; diff --git a/src/basic/util.c b/src/basic/util.c index 06fe307ba0..576c6238d6 100644 --- a/src/basic/util.c +++ b/src/basic/util.c @@ -1439,26 +1439,6 @@ bool in_initrd(void) {          return saved;  } -bool filename_is_valid(const char *p) { - -        if (isempty(p)) -                return false; - -        if (strchr(p, '/')) -                return false; - -        if (streq(p, ".")) -                return false; - -        if (streq(p, "..")) -                return false; - -        if (strlen(p) > FILENAME_MAX) -                return false; - -        return true; -} -  bool string_is_safe(const char *p) {          const char *t; @@ -1476,27 +1456,6 @@ bool string_is_safe(const char *p) {          return true;  } -bool path_is_safe(const char *p) { - -        if (isempty(p)) -                return false; - -        if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../")) -                return false; - -        if (strlen(p)+1 > PATH_MAX) -                return false; - -        /* The following two checks are not really dangerous, but hey, they still are confusing */ -        if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./")) -                return false; - -        if (strstr(p, "//")) -                return false; - -        return true; -} -  /* hey glibc, APIs with callbacks without a user pointer are so useless */  void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,                   int (*compar) (const void *, const void *, void *), void *arg) { diff --git a/src/basic/util.h b/src/basic/util.h index 9388ba7d74..f96b493d9d 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -303,8 +303,6 @@ _alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t a, size_          return memdup(p, a * b);  } -bool filename_is_valid(const char *p) _pure_; -bool path_is_safe(const char *p) _pure_;  bool string_is_safe(const char *p) _pure_;  /** diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index 8bff7d4b39..a42124288d 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -31,6 +31,7 @@  #include "fileio-label.h"  #include "hostname-util.h"  #include "parse-util.h" +#include "path-util.h"  #include "selinux-util.h"  #include "strv.h"  #include "util.h" diff --git a/src/import/pull-common.c b/src/import/pull-common.c index f465154b1d..0e918d6416 100644 --- a/src/import/pull-common.c +++ b/src/import/pull-common.c @@ -27,6 +27,7 @@  #include "escape.h"  #include "fd-util.h"  #include "io-util.h" +#include "path-util.h"  #include "process-util.h"  #include "pull-common.h"  #include "pull-job.h" diff --git a/src/libsystemd/sd-login/sd-login.c b/src/libsystemd/sd-login/sd-login.c index 05cba9651a..879838601c 100644 --- a/src/libsystemd/sd-login/sd-login.c +++ b/src/libsystemd/sd-login/sd-login.c @@ -37,6 +37,7 @@  #include "login-util.h"  #include "macro.h"  #include "parse-util.h" +#include "path-util.h"  #include "socket-util.h"  #include "string-util.h"  #include "strv.h" diff --git a/src/locale/localed.c b/src/locale/localed.c index 73e25f0642..343399a62d 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -30,20 +30,21 @@  #include "sd-bus.h" -#include "util.h" -#include "mkdir.h" -#include "strv.h" -#include "def.h" -#include "env-util.h" -#include "fileio.h" -#include "fileio-label.h" -#include "bus-util.h"  #include "bus-error.h"  #include "bus-message.h" +#include "bus-util.h" +#include "def.h" +#include "env-util.h"  #include "event-util.h" +#include "fd-util.h" +#include "fileio-label.h" +#include "fileio.h"  #include "locale-util.h" +#include "mkdir.h" +#include "path-util.h"  #include "selinux-util.h" -#include "fd-util.h" +#include "strv.h" +#include "util.h"  enum {          /* We don't list LC_ALL here on purpose. People should be diff --git a/src/shared/dropin.c b/src/shared/dropin.c index 1836e91acd..25400277ff 100644 --- a/src/shared/dropin.c +++ b/src/shared/dropin.c @@ -25,6 +25,7 @@  #include "fd-util.h"  #include "fileio-label.h"  #include "mkdir.h" +#include "path-util.h"  #include "string-util.h"  #include "strv.h"  #include "util.h" diff --git a/src/shared/import-util.c b/src/shared/import-util.c index c4c66c847d..b50e86b944 100644 --- a/src/shared/import-util.c +++ b/src/shared/import-util.c @@ -20,9 +20,10 @@  ***/  #include "btrfs-util.h" +#include "import-util.h" +#include "path-util.h"  #include "string-util.h"  #include "util.h" -#include "import-util.h"  int import_url_last_component(const char *url, char **ret) {          const char *e, *p; diff --git a/src/test/test-util.c b/src/test/test-util.c index 8e5860f0e4..109791163f 100644 --- a/src/test/test-util.c +++ b/src/test/test-util.c @@ -50,6 +50,7 @@  #include "user-util.h"  #include "util.h"  #include "virt.h" +#include "path-util.h"  static void test_streq_ptr(void) {          assert_se(streq_ptr(NULL, NULL)); | 
