diff options
-rw-r--r-- | src/basic/locale-util.c | 1 | ||||
-rw-r--r-- | src/basic/lockfile-util.c | 1 | ||||
-rw-r--r-- | src/basic/path-util.c | 43 | ||||
-rw-r--r-- | src/basic/path-util.h | 3 | ||||
-rw-r--r-- | src/basic/util.c | 41 | ||||
-rw-r--r-- | src/basic/util.h | 2 | ||||
-rw-r--r-- | src/hostname/hostnamed.c | 1 | ||||
-rw-r--r-- | src/import/pull-common.c | 1 | ||||
-rw-r--r-- | src/libsystemd/sd-login/sd-login.c | 1 | ||||
-rw-r--r-- | src/locale/localed.c | 19 | ||||
-rw-r--r-- | src/shared/dropin.c | 1 | ||||
-rw-r--r-- | src/shared/import-util.c | 3 | ||||
-rw-r--r-- | src/test/test-util.c | 1 |
13 files changed, 65 insertions, 53 deletions
diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c index 44e1628664..ccbc147931 100644 --- a/src/basic/locale-util.c +++ b/src/basic/locale-util.c @@ -23,6 +23,7 @@ #include "fd-util.h" #include "locale-util.h" +#include "path-util.h" #include "set.h" #include "string-util.h" #include "strv.h" diff --git a/src/basic/lockfile-util.c b/src/basic/lockfile-util.c index e573dcb56f..6eee3009d8 100644 --- a/src/basic/lockfile-util.c +++ b/src/basic/lockfile-util.c @@ -30,6 +30,7 @@ #include "fd-util.h" #include "fileio.h" #include "lockfile-util.h" +#include "path-util.h" #include "util.h" int make_lock_file(const char *p, int operation, LockFile *ret) { diff --git a/src/basic/path-util.c b/src/basic/path-util.c index b1cab7356c..d581f85707 100644 --- a/src/basic/path-util.c +++ b/src/basic/path-util.c @@ -723,3 +723,46 @@ char* dirname_malloc(const char *path) { return dir2; } + +bool filename_is_valid(const char *p) { + const char *e; + + if (isempty(p)) + return false; + + if (streq(p, ".")) + return false; + + if (streq(p, "..")) + return false; + + e = strchrnul(p, '/'); + if (*e != 0) + return false; + + if (e - p > FILENAME_MAX) + return false; + + return true; +} + +bool path_is_safe(const char *p) { + + if (isempty(p)) + return false; + + if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../")) + return false; + + if (strlen(p)+1 > PATH_MAX) + return false; + + /* The following two checks are not really dangerous, but hey, they still are confusing */ + if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./")) + return false; + + if (strstr(p, "//")) + return false; + + return true; +} diff --git a/src/basic/path-util.h b/src/basic/path-util.h index 1ff47ab193..b2acca05fe 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -102,3 +102,6 @@ char *prefix_root(const char *root, const char *path); int parse_path_argument_and_warn(const char *path, bool suppress_root, char **arg); char* dirname_malloc(const char *path); + +bool filename_is_valid(const char *p) _pure_; +bool path_is_safe(const char *p) _pure_; diff --git a/src/basic/util.c b/src/basic/util.c index 06fe307ba0..576c6238d6 100644 --- a/src/basic/util.c +++ b/src/basic/util.c @@ -1439,26 +1439,6 @@ bool in_initrd(void) { return saved; } -bool filename_is_valid(const char *p) { - - if (isempty(p)) - return false; - - if (strchr(p, '/')) - return false; - - if (streq(p, ".")) - return false; - - if (streq(p, "..")) - return false; - - if (strlen(p) > FILENAME_MAX) - return false; - - return true; -} - bool string_is_safe(const char *p) { const char *t; @@ -1476,27 +1456,6 @@ bool string_is_safe(const char *p) { return true; } -bool path_is_safe(const char *p) { - - if (isempty(p)) - return false; - - if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../")) - return false; - - if (strlen(p)+1 > PATH_MAX) - return false; - - /* The following two checks are not really dangerous, but hey, they still are confusing */ - if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./")) - return false; - - if (strstr(p, "//")) - return false; - - return true; -} - /* hey glibc, APIs with callbacks without a user pointer are so useless */ void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size, int (*compar) (const void *, const void *, void *), void *arg) { diff --git a/src/basic/util.h b/src/basic/util.h index 9388ba7d74..f96b493d9d 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -303,8 +303,6 @@ _alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t a, size_ return memdup(p, a * b); } -bool filename_is_valid(const char *p) _pure_; -bool path_is_safe(const char *p) _pure_; bool string_is_safe(const char *p) _pure_; /** diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index 8bff7d4b39..a42124288d 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -31,6 +31,7 @@ #include "fileio-label.h" #include "hostname-util.h" #include "parse-util.h" +#include "path-util.h" #include "selinux-util.h" #include "strv.h" #include "util.h" diff --git a/src/import/pull-common.c b/src/import/pull-common.c index f465154b1d..0e918d6416 100644 --- a/src/import/pull-common.c +++ b/src/import/pull-common.c @@ -27,6 +27,7 @@ #include "escape.h" #include "fd-util.h" #include "io-util.h" +#include "path-util.h" #include "process-util.h" #include "pull-common.h" #include "pull-job.h" diff --git a/src/libsystemd/sd-login/sd-login.c b/src/libsystemd/sd-login/sd-login.c index 05cba9651a..879838601c 100644 --- a/src/libsystemd/sd-login/sd-login.c +++ b/src/libsystemd/sd-login/sd-login.c @@ -37,6 +37,7 @@ #include "login-util.h" #include "macro.h" #include "parse-util.h" +#include "path-util.h" #include "socket-util.h" #include "string-util.h" #include "strv.h" diff --git a/src/locale/localed.c b/src/locale/localed.c index 73e25f0642..343399a62d 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -30,20 +30,21 @@ #include "sd-bus.h" -#include "util.h" -#include "mkdir.h" -#include "strv.h" -#include "def.h" -#include "env-util.h" -#include "fileio.h" -#include "fileio-label.h" -#include "bus-util.h" #include "bus-error.h" #include "bus-message.h" +#include "bus-util.h" +#include "def.h" +#include "env-util.h" #include "event-util.h" +#include "fd-util.h" +#include "fileio-label.h" +#include "fileio.h" #include "locale-util.h" +#include "mkdir.h" +#include "path-util.h" #include "selinux-util.h" -#include "fd-util.h" +#include "strv.h" +#include "util.h" enum { /* We don't list LC_ALL here on purpose. People should be diff --git a/src/shared/dropin.c b/src/shared/dropin.c index 1836e91acd..25400277ff 100644 --- a/src/shared/dropin.c +++ b/src/shared/dropin.c @@ -25,6 +25,7 @@ #include "fd-util.h" #include "fileio-label.h" #include "mkdir.h" +#include "path-util.h" #include "string-util.h" #include "strv.h" #include "util.h" diff --git a/src/shared/import-util.c b/src/shared/import-util.c index c4c66c847d..b50e86b944 100644 --- a/src/shared/import-util.c +++ b/src/shared/import-util.c @@ -20,9 +20,10 @@ ***/ #include "btrfs-util.h" +#include "import-util.h" +#include "path-util.h" #include "string-util.h" #include "util.h" -#include "import-util.h" int import_url_last_component(const char *url, char **ret) { const char *e, *p; diff --git a/src/test/test-util.c b/src/test/test-util.c index 8e5860f0e4..109791163f 100644 --- a/src/test/test-util.c +++ b/src/test/test-util.c @@ -50,6 +50,7 @@ #include "user-util.h" #include "util.h" #include "virt.h" +#include "path-util.h" static void test_streq_ptr(void) { assert_se(streq_ptr(NULL, NULL)); |