diff options
Diffstat (limited to 'src/basic')
| -rw-r--r-- | src/basic/journal-importer.c | 3 | ||||
| -rw-r--r-- | src/basic/parse-util.c | 1 | ||||
| -rw-r--r-- | src/basic/rm-rf.c | 7 |
3 files changed, 9 insertions, 2 deletions
diff --git a/src/basic/journal-importer.c b/src/basic/journal-importer.c index d25fd358e8..66119d2de1 100644 --- a/src/basic/journal-importer.c +++ b/src/basic/journal-importer.c @@ -24,6 +24,7 @@ #include "fd-util.h" #include "parse-util.h" #include "string-util.h" +#include "unaligned.h" enum { IMPORTER_STATE_LINE = 0, /* waiting to read, or reading line */ @@ -203,7 +204,7 @@ static int get_data_size(JournalImporter *imp) { if (r <= 0) return r; - imp->data_size = le64toh( *(uint64_t *) data ); + imp->data_size = unaligned_read_le64(data); if (imp->data_size > DATA_SIZE_MAX) { log_error("Stream declares field with size %zu > DATA_SIZE_MAX = %u", imp->data_size, DATA_SIZE_MAX); diff --git a/src/basic/parse-util.c b/src/basic/parse-util.c index 6e58ced6f5..d86700736d 100644 --- a/src/basic/parse-util.c +++ b/src/basic/parse-util.c @@ -23,7 +23,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <xlocale.h> #include "alloc-util.h" #include "extract-word.h" diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c index 08497af729..bdaca264ff 100644 --- a/src/basic/rm-rf.c +++ b/src/basic/rm-rf.c @@ -187,6 +187,13 @@ int rm_rf(const char *path, RemoveFlags flags) { return -EPERM; } + /* Another safe-check. Removing "/path/.." could easily remove entire root as well. + * It's especially easy to do using globs in tmpfiles, like "/path/.*", which the glob() + * function expands to both "/path/." and "/path/..". + * Return -EINVAL to be consistent with rmdir("/path/."). */ + if (endswith(path, "/..") || endswith(path, "/../")) + return -EINVAL; + if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) { /* Try to remove as subvolume first */ r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); |