summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/basic/locale-util.c1
-rw-r--r--src/basic/lockfile-util.c1
-rw-r--r--src/basic/path-util.c43
-rw-r--r--src/basic/path-util.h3
-rw-r--r--src/basic/util.c41
-rw-r--r--src/basic/util.h2
-rw-r--r--src/hostname/hostnamed.c1
-rw-r--r--src/import/pull-common.c1
-rw-r--r--src/libsystemd/sd-login/sd-login.c1
-rw-r--r--src/locale/localed.c19
-rw-r--r--src/shared/dropin.c1
-rw-r--r--src/shared/import-util.c3
-rw-r--r--src/test/test-util.c1
13 files changed, 65 insertions, 53 deletions
diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c
index 44e1628664..ccbc147931 100644
--- a/src/basic/locale-util.c
+++ b/src/basic/locale-util.c
@@ -23,6 +23,7 @@
#include "fd-util.h"
#include "locale-util.h"
+#include "path-util.h"
#include "set.h"
#include "string-util.h"
#include "strv.h"
diff --git a/src/basic/lockfile-util.c b/src/basic/lockfile-util.c
index e573dcb56f..6eee3009d8 100644
--- a/src/basic/lockfile-util.c
+++ b/src/basic/lockfile-util.c
@@ -30,6 +30,7 @@
#include "fd-util.h"
#include "fileio.h"
#include "lockfile-util.h"
+#include "path-util.h"
#include "util.h"
int make_lock_file(const char *p, int operation, LockFile *ret) {
diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index b1cab7356c..d581f85707 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -723,3 +723,46 @@ char* dirname_malloc(const char *path) {
return dir2;
}
+
+bool filename_is_valid(const char *p) {
+ const char *e;
+
+ if (isempty(p))
+ return false;
+
+ if (streq(p, "."))
+ return false;
+
+ if (streq(p, ".."))
+ return false;
+
+ e = strchrnul(p, '/');
+ if (*e != 0)
+ return false;
+
+ if (e - p > FILENAME_MAX)
+ return false;
+
+ return true;
+}
+
+bool path_is_safe(const char *p) {
+
+ if (isempty(p))
+ return false;
+
+ if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
+ return false;
+
+ if (strlen(p)+1 > PATH_MAX)
+ return false;
+
+ /* The following two checks are not really dangerous, but hey, they still are confusing */
+ if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
+ return false;
+
+ if (strstr(p, "//"))
+ return false;
+
+ return true;
+}
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index 1ff47ab193..b2acca05fe 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -102,3 +102,6 @@ char *prefix_root(const char *root, const char *path);
int parse_path_argument_and_warn(const char *path, bool suppress_root, char **arg);
char* dirname_malloc(const char *path);
+
+bool filename_is_valid(const char *p) _pure_;
+bool path_is_safe(const char *p) _pure_;
diff --git a/src/basic/util.c b/src/basic/util.c
index 06fe307ba0..576c6238d6 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -1439,26 +1439,6 @@ bool in_initrd(void) {
return saved;
}
-bool filename_is_valid(const char *p) {
-
- if (isempty(p))
- return false;
-
- if (strchr(p, '/'))
- return false;
-
- if (streq(p, "."))
- return false;
-
- if (streq(p, ".."))
- return false;
-
- if (strlen(p) > FILENAME_MAX)
- return false;
-
- return true;
-}
-
bool string_is_safe(const char *p) {
const char *t;
@@ -1476,27 +1456,6 @@ bool string_is_safe(const char *p) {
return true;
}
-bool path_is_safe(const char *p) {
-
- if (isempty(p))
- return false;
-
- if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
- return false;
-
- if (strlen(p)+1 > PATH_MAX)
- return false;
-
- /* The following two checks are not really dangerous, but hey, they still are confusing */
- if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
- return false;
-
- if (strstr(p, "//"))
- return false;
-
- return true;
-}
-
/* hey glibc, APIs with callbacks without a user pointer are so useless */
void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
int (*compar) (const void *, const void *, void *), void *arg) {
diff --git a/src/basic/util.h b/src/basic/util.h
index 9388ba7d74..f96b493d9d 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -303,8 +303,6 @@ _alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t a, size_
return memdup(p, a * b);
}
-bool filename_is_valid(const char *p) _pure_;
-bool path_is_safe(const char *p) _pure_;
bool string_is_safe(const char *p) _pure_;
/**
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 8bff7d4b39..a42124288d 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -31,6 +31,7 @@
#include "fileio-label.h"
#include "hostname-util.h"
#include "parse-util.h"
+#include "path-util.h"
#include "selinux-util.h"
#include "strv.h"
#include "util.h"
diff --git a/src/import/pull-common.c b/src/import/pull-common.c
index f465154b1d..0e918d6416 100644
--- a/src/import/pull-common.c
+++ b/src/import/pull-common.c
@@ -27,6 +27,7 @@
#include "escape.h"
#include "fd-util.h"
#include "io-util.h"
+#include "path-util.h"
#include "process-util.h"
#include "pull-common.h"
#include "pull-job.h"
diff --git a/src/libsystemd/sd-login/sd-login.c b/src/libsystemd/sd-login/sd-login.c
index 05cba9651a..879838601c 100644
--- a/src/libsystemd/sd-login/sd-login.c
+++ b/src/libsystemd/sd-login/sd-login.c
@@ -37,6 +37,7 @@
#include "login-util.h"
#include "macro.h"
#include "parse-util.h"
+#include "path-util.h"
#include "socket-util.h"
#include "string-util.h"
#include "strv.h"
diff --git a/src/locale/localed.c b/src/locale/localed.c
index 73e25f0642..343399a62d 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -30,20 +30,21 @@
#include "sd-bus.h"
-#include "util.h"
-#include "mkdir.h"
-#include "strv.h"
-#include "def.h"
-#include "env-util.h"
-#include "fileio.h"
-#include "fileio-label.h"
-#include "bus-util.h"
#include "bus-error.h"
#include "bus-message.h"
+#include "bus-util.h"
+#include "def.h"
+#include "env-util.h"
#include "event-util.h"
+#include "fd-util.h"
+#include "fileio-label.h"
+#include "fileio.h"
#include "locale-util.h"
+#include "mkdir.h"
+#include "path-util.h"
#include "selinux-util.h"
-#include "fd-util.h"
+#include "strv.h"
+#include "util.h"
enum {
/* We don't list LC_ALL here on purpose. People should be
diff --git a/src/shared/dropin.c b/src/shared/dropin.c
index 1836e91acd..25400277ff 100644
--- a/src/shared/dropin.c
+++ b/src/shared/dropin.c
@@ -25,6 +25,7 @@
#include "fd-util.h"
#include "fileio-label.h"
#include "mkdir.h"
+#include "path-util.h"
#include "string-util.h"
#include "strv.h"
#include "util.h"
diff --git a/src/shared/import-util.c b/src/shared/import-util.c
index c4c66c847d..b50e86b944 100644
--- a/src/shared/import-util.c
+++ b/src/shared/import-util.c
@@ -20,9 +20,10 @@
***/
#include "btrfs-util.h"
+#include "import-util.h"
+#include "path-util.h"
#include "string-util.h"
#include "util.h"
-#include "import-util.h"
int import_url_last_component(const char *url, char **ret) {
const char *e, *p;
diff --git a/src/test/test-util.c b/src/test/test-util.c
index 8e5860f0e4..109791163f 100644
--- a/src/test/test-util.c
+++ b/src/test/test-util.c
@@ -50,6 +50,7 @@
#include "user-util.h"
#include "util.h"
#include "virt.h"
+#include "path-util.h"
static void test_streq_ptr(void) {
assert_se(streq_ptr(NULL, NULL));