Diffstat (limited to 'src/basic')
-rw-r--r-- | src/basic/locale-util.c | 1 | ||||
-rw-r--r-- | src/basic/lockfile-util.c | 1 | ||||
-rw-r--r-- | src/basic/path-util.c | 43 | ||||
-rw-r--r-- | src/basic/path-util.h | 3 | ||||
-rw-r--r-- | src/basic/util.c | 41 | ||||
-rw-r--r-- | src/basic/util.h | 2 |
6 files changed, 48 insertions, 43 deletions
diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c
index 44e1628664..ccbc147931 100644
--- a/src/basic/locale-util.c
+++ b/src/basic/locale-util.c
@@ -23,6 +23,7 @@
 #include "fd-util.h"
 #include "locale-util.h"
+#include "path-util.h"
 #include "set.h"
 #include "string-util.h"
 #include "strv.h"
diff --git a/src/basic/lockfile-util.c b/src/basic/lockfile-util.c
index e573dcb56f..6eee3009d8 100644
--- a/src/basic/lockfile-util.c
+++ b/src/basic/lockfile-util.c
@@ -30,6 +30,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "lockfile-util.h"
+#include "path-util.h"
 #include "util.h"
 int make_lock_file(const char *p, int operation, LockFile *ret) {
diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index b1cab7356c..d581f85707 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -723,3 +723,46 @@ char* dirname_malloc(const char *path) {
 return dir2;
 }
+
+bool filename_is_valid(const char *p) {
+ const char *e;
+
+ if (isempty(p))
+ return false;
+
+ if (streq(p, "."))
+ return false;
+
+ if (streq(p, ".."))
+ return false;
+
+ e = strchrnul(p, '/');
+ if (*e != 0)
+ return false;
+
+ if (e - p > FILENAME_MAX)
+ return false;
+
+ return true;
+}
+
+bool path_is_safe(const char *p) {
+
+ if (isempty(p))
+ return false;
+
+ if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
+ return false;
+
+ if (strlen(p)+1 > PATH_MAX)
+ return false;
+
+ /* The following two checks are not really dangerous, but hey, they still are confusing */
+ if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
+ return false;
+
+ if (strstr(p, "//"))
+ return false;
+
+ return true;
+}
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index 1ff47ab193..b2acca05fe 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
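Review bot: The length bound in the new `filename_is_valid()` compares a single path component against `FILENAME_MAX`, which on glibc is the whole-path limit (4096, the same value as `PATH_MAX`) rather than the per-component limit, so a name several hundred bytes long still passes as valid even though most Linux filesystems would reject it with ENAMETOOLONG. Since the function is being rewritten here anyway, `if (e - p > NAME_MAX)` would make the check match what a filesystem actually accepts and gives callers vetting untrusted names a tighter guarantee. Separately, `path_is_safe()` deserves a short comment stating that it is a purely lexical check: it rejects `.`/`..` components and `//`, but it accepts absolute paths and says nothing about symlinks, so on its own it does not confine a path beneath a directory.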
@@ -102,3 +102,6 @@ char *prefix_root(const char *root, const char *path);
 int parse_path_argument_and_warn(const char *path, bool suppress_root, char **arg);
 char* dirname_malloc(const char *path);
+
+bool filename_is_valid(const char *p) _pure_;
+bool path_is_safe(const char *p) _pure_;
diff --git a/src/basic/util.c b/src/basic/util.c
index 06fe307ba0..576c6238d6 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -1439,26 +1439,6 @@ bool in_initrd(void) {
 return saved;
 }
-bool filename_is_valid(const char *p) {
-
- if (isempty(p))
- return false;
-
- if (strchr(p, '/'))
- return false;
-
- if (streq(p, "."))
- return false;
-
- if (streq(p, ".."))
- return false;
-
- if (strlen(p) > FILENAME_MAX)
- return false;
-
- return true;
-}
-
 bool string_is_safe(const char *p) {
 const char *t;
@@ -1476,27 +1456,6 @@ bool string_is_safe(const char *p) {
 return true;
 }
-bool path_is_safe(const char *p) {
-
- if (isempty(p))
- return false;
-
- if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
- return false;
-
- if (strlen(p)+1 > PATH_MAX)
- return false;
-
- /* The following two checks are not really dangerous, but hey, they still are confusing */
- if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
- return false;
-
- if (strstr(p, "//"))
- return false;
-
- return true;
-}
-
 /* hey glibc, APIs with callbacks without a user pointer are so useless */
 void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size, int (*compar) (const void *, const void *, void *), void *arg) {
diff --git a/src/basic/util.h b/src/basic/util.h
index 9388ba7d74..f96b493d9d 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -303,8 +303,6 @@ _alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t a, size_
 return memdup(p, a * b);
 }
-bool filename_is_valid(const char *p) _pure_;
-bool path_is_safe(const char *p) _pure_;
 bool string_is_safe(const char *p) _pure_;
 /** |