summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-08-23 14:33:50 +0200
committerLennart Poettering <lennart@poettering.net>2015-08-24 22:46:45 +0200
commitb9a8d250810d4803bc9bf6b36932b528cb991d1e (patch)
tree6843e538235d3c6c79a951984ff8d3f4bb5e1930 /src
parent25300b5a1fcf54674a69d0f4ab08925be00b0227 (diff)
machined: validate machine names at more places
When enumerating machines from /run, and when accepting machine names for operations, be more strict and always validate. Note that these checks are strictly speaking unnecessary, since enumeration happens only on the trusted /run...
Diffstat (limited to 'src')
-rw-r--r--src/basic/util.c3
-rw-r--r--src/libsystemd/sd-login/sd-login.c2
-rw-r--r--src/machine/machined.c3
3 files changed, 7 insertions, 1 deletions
diff --git a/src/basic/util.c b/src/basic/util.c
index deff68073c..f752595ca1 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -4913,6 +4913,9 @@ int container_get_leader(const char *machine, pid_t *pid) {
assert(machine);
assert(pid);
+ if (!machine_name_is_valid(machine))
+ return -EINVAL;
+
p = strjoina("/run/systemd/machines/", machine);
r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL);
if (r == -ENOENT)
diff --git a/src/libsystemd/sd-login/sd-login.c b/src/libsystemd/sd-login/sd-login.c
index 5f290573cb..0eadc8c747 100644
--- a/src/libsystemd/sd-login/sd-login.c
+++ b/src/libsystemd/sd-login/sd-login.c
@@ -791,7 +791,7 @@ _public_ int sd_get_machine_names(char ***machines) {
/* Filter out the unit: symlinks */
for (a = l, b = l; *a; a++) {
- if (startswith(*a, "unit:"))
+ if (startswith(*a, "unit:") || !machine_name_is_valid(*a))
free(*a);
else {
*b = *a;
diff --git a/src/machine/machined.c b/src/machine/machined.c
index 109bab76c5..9b9a334838 100644
--- a/src/machine/machined.c
+++ b/src/machine/machined.c
@@ -118,6 +118,9 @@ int manager_enumerate_machines(Manager *m) {
if (startswith(de->d_name, "unit:"))
continue;
+ if (!machine_name_is_valid(de->d_name))
+ continue;
+
k = manager_add_machine(m, de->d_name, &machine);
if (k < 0) {
log_error_errno(k, "Failed to add machine by file name %s: %m", de->d_name);