From e66e5b612a9e5921d79a6aedab4983e33dff8cb1 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 30 Apr 2015 19:42:48 +0200 Subject: cgroup-util: be more strict when processing slice unit names --- src/shared/cgroup-util.c | 8 +++++++- src/test/test-cgroup-util.c | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c index 1306cc197a..b5e4094f4e 100644 --- a/src/shared/cgroup-util.c +++ b/src/shared/cgroup-util.c @@ -1663,11 +1663,17 @@ int cg_slice_to_path(const char *unit, char **ret) { return -ENOMEM; dash = strchr(p, '-'); + + /* Don't allow initial dashes */ + if (dash == p) + return -EINVAL; + while (dash) { _cleanup_free_ char *escaped = NULL; char n[dash - p + sizeof(".slice")]; - if (isempty(dash + 1)) + /* Don't allow trailing or double dashes */ + if (dash[1] == 0 || dash[1] == '-') return -EINVAL; strcpy(stpncpy(n, p, dash - p), ".slice"); diff --git a/src/test/test-cgroup-util.c b/src/test/test-cgroup-util.c index efe99cb34b..4a89f64518 100644 --- a/src/test/test-cgroup-util.c +++ b/src/test/test-cgroup-util.c @@ -274,7 +274,7 @@ static void test_slice_to_path(void) { test_slice_to_path_one("-foo-.slice", NULL, -EINVAL); test_slice_to_path_one("-foo.slice", NULL, -EINVAL); test_slice_to_path_one("foo-.slice", NULL, -EINVAL); - test_slice_to_path_one("foo--bar.slice", "foo.slice/foo-.slice/foo--bar.slice", 0); + test_slice_to_path_one("foo--bar.slice", NULL, -EINVAL); test_slice_to_path_one("foo.slice/foo--bar.slice", NULL, -EINVAL); test_slice_to_path_one("a-b.slice", "a.slice/a-b.slice", 0); test_slice_to_path_one("a-b-c-d-e.slice", "a.slice/a-b.slice/a-b-c.slice/a-b-c-d.slice/a-b-c-d-e.slice", 0); -- cgit v1.2.3-54-g00ecf