cgroup-util: be more strict when processing slice unit names

2 files changed, 8 insertions, 2 deletions

diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c
index 1306cc197a..b5e4094f4e 100644
--- a/src/shared/cgroup-util.c
+++ b/src/shared/cgroup-util.c
@@ -1663,11 +1663,17 @@ int cg_slice_to_path(const char *unit, char **ret) {
                 return -ENOMEM;
 
         dash = strchr(p, '-');
+
+        /* Don't allow initial dashes */
+        if (dash == p)
+                return -EINVAL;
+
         while (dash) {
                 _cleanup_free_ char *escaped = NULL;
                 char n[dash - p + sizeof(".slice")];
 
-                if (isempty(dash + 1))
+                /* Don't allow trailing or double dashes */
+                if (dash[1] == 0 || dash[1] == '-')
                         return -EINVAL;
 
                 strcpy(stpncpy(n, p, dash - p), ".slice");
diff --git a/src/test/test-cgroup-util.c b/src/test/test-cgroup-util.c
index efe99cb34b..4a89f64518 100644
--- a/src/test/test-cgroup-util.c
+++ b/src/test/test-cgroup-util.c
@@ -274,7 +274,7 @@ static void test_slice_to_path(void) {
         test_slice_to_path_one("-foo-.slice", NULL, -EINVAL);
         test_slice_to_path_one("-foo.slice", NULL, -EINVAL);
         test_slice_to_path_one("foo-.slice", NULL, -EINVAL);
-        test_slice_to_path_one("foo--bar.slice", "foo.slice/foo-.slice/foo--bar.slice", 0);
+        test_slice_to_path_one("foo--bar.slice", NULL, -EINVAL);
         test_slice_to_path_one("foo.slice/foo--bar.slice", NULL, -EINVAL);
         test_slice_to_path_one("a-b.slice", "a.slice/a-b.slice", 0);
         test_slice_to_path_one("a-b-c-d-e.slice", "a.slice/a-b.slice/a-b-c.slice/a-b-c-d.slice/a-b-c-d-e.slice", 0);