From ae6c3cc009a21df4b51851fb8fe3fde0b7d6d8f0 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 12 Dec 2014 02:32:33 +0100
Subject: util: when using basename() for creating temporary files, verify the resulting name is actually valid

Also, rename filename_is_safe() to filename_is_valid(), since it actually does a full validation for what the kernel will accept as file name, it's not just a heuristic.
---
 src/journal/coredump.c | 12 ++++++------
 src/journal/journald-native.c | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'src/journal')
diff --git a/src/journal/coredump.c b/src/journal/coredump.c
index be45a684e5..8678ec6a59 100644
--- a/src/journal/coredump.c
+++ b/src/journal/coredump.c
@@ -306,9 +306,9 @@ static int save_external_coredump(
 if (r < 0)
 return log_error_errno(r, "Failed to determine coredump file name: %m");
- tmp = tempfn_random(fn);
- if (!tmp)
- return log_oom();
+ r = tempfn_random(fn, &tmp);
+ if (r < 0)
+ return log_error_errno(r, "Failed to determine temporary file name: %m");
 mkdir_p_label("/var/lib/systemd/coredump", 0755);
@@ -352,9 +352,9 @@ static int save_external_coredump(
 goto uncompressed;
 }
- tmp_compressed = tempfn_random(fn_compressed);
- if (!tmp_compressed) {
- log_oom();
+ r = tempfn_random(fn_compressed, &tmp_compressed);
+ if (r < 0) {
+ log_error_errno(r, "Failed to determine temporary file name for %s: %m", fn_compressed);
 goto uncompressed;
 }
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index f982696255..f701233bbe 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -350,7 +350,7 @@ void server_process_native_file(
 return;
 }
- if (!filename_is_safe(e)) {
+ if (!filename_is_valid(e)) {
 log_error("Received file in subdirectory of allowed directories. Refusing.");
 return;
 }
-- 
cgit v1.2.3-54-g00ecf
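Review bot: The new error path after the first `tempfn_random(fn, &tmp)` call logs "Failed to determine temporary file name" without saying which name was rejected, while the second call in this same function logs `fn_compressed`. The commit description says the helper now verifies the resulting name, so the rejected value is the detail an operator needs; I would write `return log_error_errno(r, "Failed to determine temporary file name for %s: %m", fn);`. How `fn` is built is outside this hunk, so whether it can carry process-controlled text into the log should be checked against the code that produces it. save_external_coredump() starts and ends outside the hunk.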
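Review bot: On failure of `tempfn_random(fn_compressed, &tmp_compressed)` the code continues at `uncompressed` instead of returning, so the state of `tmp_compressed` after an error matters, and the helper's definition is not part of this diff (it is limited to src/journal). If the helper can store a pointer before it fails, any later cleanup of `tmp_compressed` would act on a name that was never used. Once confirmed against the helper, a comment at the call such as `/* tempfn_random() leaves tmp_compressed untouched on error */` would make the fallback path safe to read. The body of save_external_coredump() continues outside the hunk.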