From 5954c07433b134694256b9989f2ad3f85a643976 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 29 Apr 2013 19:15:30 -0300
Subject: cgroup: do not allow manipulating the cgroup path of units within the
 systemd:/system subtree

---
 src/shared/cgroup-util.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

(limited to 'src/shared/cgroup-util.c')

diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c
index 46a8128eb4..016080f65b 100644
--- a/src/shared/cgroup-util.c
+++ b/src/shared/cgroup-util.c
@@ -916,6 +916,7 @@ int cg_is_empty_recursive(const char *controller, const char *path, bool ignore_
 int cg_split_spec(const char *spec, char **controller, char **path) {
         const char *e;
         char *t = NULL, *u = NULL;
+        _cleanup_free_ char *v = NULL;
 
         assert(spec);
 
@@ -928,6 +929,7 @@ int cg_split_spec(const char *spec, char **controller, char **path) {
                         if (!t)
                                 return -ENOMEM;
 
+                        path_kill_slashes(t);
                         *path = t;
                 }
 
@@ -943,7 +945,7 @@ int cg_split_spec(const char *spec, char **controller, char **path) {
                         return -EINVAL;
 
                 if (controller) {
-                        t = strdup(spec);
+                        t = strdup(normalize_controller(spec));
                         if (!t)
                                 return -ENOMEM;
 
@@ -956,7 +958,10 @@ int cg_split_spec(const char *spec, char **controller, char **path) {
                 return 0;
         }
 
-        t = strndup(spec, e-spec);
+        v = strndup(spec, e-spec);
+        if (!v)
+                return -ENOMEM;
+        t = strdup(normalize_controller(v));
         if (!t)
                 return -ENOMEM;
         if (!cg_controller_is_valid(t, true)) {
@@ -969,12 +974,15 @@ int cg_split_spec(const char *spec, char **controller, char **path) {
                 free(t);
                 return -ENOMEM;
         }
-        if (!path_is_safe(u)) {
+        if (!path_is_safe(u) ||
+            !path_is_absolute(u)) {
                 free(t);
                 free(u);
                 return -EINVAL;
         }
 
+        path_kill_slashes(u);
+
         if (controller)
                 *controller = t;
         else
@@ -993,7 +1001,6 @@ int cg_join_spec(const char *controller, const char *path, char **spec) {
 
         assert(path);
 
-
         if (!controller)
                 controller = "systemd";
         else {
@@ -1010,6 +1017,8 @@ int cg_join_spec(const char *controller, const char *path, char **spec) {
         if (!s)
                 return -ENOMEM;
 
+        path_kill_slashes(s + strlen(controller) + 1);
+
         *spec = s;
         return 0;
 }
@@ -1029,6 +1038,7 @@ int cg_mangle_path(const char *path, char **result) {
                 if (!t)
                         return -ENOMEM;
 
+                path_kill_slashes(t);
                 *result = t;
                 return 0;
         }
-- 
cgit v1.2.3-54-g00ecf