Properly escape all device files

At least in the default install, udev never includes a space or quote
in the device file but better safe than sorry.

Signed-off-by: David Zeuthen <davidz@redhat.com>

diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
index abc50dd..99e391f 100644 (file)
--- a/src/udiskslinuxblock.c
+++ b/src/udiskslinuxblock.c
@@ -1673,6 +1673,22 @@ subst_str (const gchar *str,
 }
 
 
+static gchar *
+subst_str_and_escape (const gchar *str,
+                      const gchar *from,
+                      const gchar *to)
+{
+  gchar *escaped;
+  gchar *quoted_and_escaped;
+  gchar *ret;
+  escaped = g_strescape (to, NULL);
+  quoted_and_escaped = g_strconcat ("\"", escaped, "\"", NULL);
+  ret = subst_str (str, from, quoted_and_escaped);
+  g_free (quoted_and_escaped);
+  g_free (escaped);
+  return ret;
+}
+
 /* ---------------------------------------------------------------------------------------------------- */
 
 typedef struct
@@ -1810,8 +1826,6 @@ handle_format (UDisksBlock           *block,
   UDisksCleanup *cleanup;
   const gchar *action_id;
   const FSInfo *fs_info;
-  const gchar *label;
-  gchar *escaped_label = NULL;
   gchar *command = NULL;
   gchar *tmp;
   gchar *error_message;
@@ -1822,6 +1836,8 @@ handle_format (UDisksBlock           *block,
   gboolean take_ownership = FALSE;
   gchar *encrypt_passphrase = NULL;
   gchar *mapped_name = NULL;
+  const gchar *label = NULL;
+  gchar *escaped_device = NULL;
 
   error = NULL;
   object = udisks_daemon_util_dup_object (block, &error);
@@ -1833,7 +1849,6 @@ handle_format (UDisksBlock           *block,
 
   daemon = udisks_linux_block_object_get_daemon (UDISKS_LINUX_BLOCK_OBJECT (object));
   cleanup = udisks_daemon_get_cleanup (daemon);
-  escaped_label = g_shell_quote("");
   command = NULL;
   error_message = NULL;
   error = NULL;
@@ -1875,6 +1890,8 @@ handle_format (UDisksBlock           *block,
   g_variant_lookup (options, "take-ownership", "b", &take_ownership);
   g_variant_lookup (options, "encrypt.passphrase", "s", &encrypt_passphrase);
 
+  escaped_device = g_strescape (udisks_block_get_device (block), NULL);
+
   /* First wipe the device */
   wait_data = g_new0 (FormatWaitData, 1);
   wait_data->object = object;
@@ -1886,8 +1903,8 @@ handle_format (UDisksBlock           *block,
                                               &status,
                                               &error_message,
                                               NULL, /* input_string */
-                                              "wipefs -a %s",
-                                              udisks_block_get_device (block)))
+                                              "wipefs -a \"%s\"",
+                                              escaped_device))
     {
       g_dbus_method_invocation_return_error (invocation,
                                              UDISKS_ERROR,
@@ -1923,8 +1940,8 @@ handle_format (UDisksBlock           *block,
                                                   &status,
                                                   &error_message,
                                                   encrypt_passphrase, /* input_string */
-                                                  "cryptsetup luksFormat %s",
-                                                  udisks_block_get_device (block)))
+                                                  "cryptsetup luksFormat \"%s\"",
+                                                  escaped_device))
         {
           g_dbus_method_invocation_return_error (invocation,
                                                  UDISKS_ERROR,
@@ -1958,8 +1975,8 @@ handle_format (UDisksBlock           *block,
                                                   &status,
                                                   &error_message,
                                                   encrypt_passphrase, /* input_string */
-                                                  "cryptsetup luksOpen %s %s",
-                                                  udisks_block_get_device (block),
+                                                  "cryptsetup luksOpen \"%s\" %s",
+                                                  escaped_device,
                                                   mapped_name))
         {
           g_dbus_method_invocation_return_error (invocation,
@@ -2022,14 +2039,11 @@ handle_format (UDisksBlock           *block,
                        type);
           goto out;
         }
-
-        g_free (escaped_label);
-        escaped_label = g_shell_quote (label);
     }
 
   /* Build and run mkfs shell command */
-  tmp = subst_str (fs_info->command_create_fs, "$DEVICE", udisks_block_get_device (block_to_mkfs));
-  command = subst_str (tmp, "$LABEL", escaped_label);
+  tmp = subst_str_and_escape (fs_info->command_create_fs, "$DEVICE", udisks_block_get_device (block_to_mkfs));
+  command = subst_str_and_escape (tmp, "$LABEL", label != NULL ? label : "");
   g_free (tmp);
   if (!udisks_daemon_launch_spawned_job_sync (daemon,
                                               object_to_mkfs,
@@ -2143,8 +2157,8 @@ handle_format (UDisksBlock           *block,
   udisks_block_complete_format (block, invocation);
 
  out:
+  g_free (escaped_device);
   g_free (mapped_name);
-  g_free (escaped_label);
   g_free (command);
   g_free (encrypt_passphrase);
   g_clear_object (&cleartext_object);

diff --git a/src/udiskslinuxdrive.c b/src/udiskslinuxdrive.c
index 6192f4a..c9764ee 100644 (file)
--- a/src/udiskslinuxdrive.c
+++ b/src/udiskslinuxdrive.c
@@ -682,17 +682,13 @@ handle_eject (UDisksDrive           *_drive,
   UDisksLinuxDrive *drive = UDISKS_LINUX_DRIVE (_drive);
   UDisksLinuxDriveObject *object;
   UDisksLinuxBlockObject *block_object = NULL;
-  UDisksBlock *block;
-  UDisksDaemon *daemon;
+  UDisksBlock *block = NULL;
+  UDisksDaemon *daemon = NULL;
   const gchar *action_id;
-  gchar *error_message;
-  GError *error;
-
-  daemon = NULL;
-  block = NULL;
-  error_message = NULL;
+  gchar *error_message = NULL;
+  GError *error = NULL;
+  gchar *escaped_device = NULL;
 
-  error = NULL;
   object = udisks_daemon_util_dup_object (drive, &error);
   if (object == NULL)
     {
@@ -726,6 +722,8 @@ handle_eject (UDisksDrive           *_drive,
                                                     invocation))
     goto out;
 
+  escaped_device = g_strescape (udisks_block_get_device (block), NULL);
+
   if (!udisks_daemon_launch_spawned_job_sync (daemon,
                                               UDISKS_OBJECT (object),
                                               NULL, /* GCancellable */
@@ -735,7 +733,7 @@ handle_eject (UDisksDrive           *_drive,
                                               &error_message,
                                               NULL,  /* input_string */
                                               "eject \"%s\"",
-                                              udisks_block_get_device (block)))
+                                              escaped_device))
     {
       g_dbus_method_invocation_return_error (invocation,
                                              UDISKS_ERROR,
@@ -749,6 +747,7 @@ handle_eject (UDisksDrive           *_drive,
   udisks_drive_complete_eject (UDISKS_DRIVE (drive), invocation);
 
  out:
+  g_free (escaped_device);
   g_clear_object (&block_object);
   g_free (error_message);
   g_clear_object (&object);

diff --git a/src/udiskslinuxencrypted.c b/src/udiskslinuxencrypted.c
index bf61dff..429e6af 100644 (file)
--- a/src/udiskslinuxencrypted.c
+++ b/src/udiskslinuxencrypted.c
@@ -224,32 +224,25 @@ handle_unlock (UDisksEncrypted        *encrypted,
                const gchar            *passphrase,
                GVariant               *options)
 {
-  UDisksObject *object;
+  UDisksObject *object = NULL;
   UDisksBlock *block;
   UDisksDaemon *daemon;
   UDisksCleanup *cleanup;
-  gchar *error_message;
-  gchar *name;
-  gchar *escaped_name;
-  UDisksObject *cleartext_object;
+  gchar *error_message = NULL;
+  gchar *name = NULL;
+  gchar *escaped_name = NULL;
+  UDisksObject *cleartext_object = NULL;
   UDisksBlock *cleartext_block;
-  GUdevDevice *udev_cleartext_device;
-  GError *error;
+  GUdevDevice *udev_cleartext_device = NULL;
+  GError *error = NULL;
   uid_t caller_uid;
   const gchar *action_id;
   gboolean is_in_crypttab = FALSE;
   gchar *crypttab_name = NULL;
   gchar *crypttab_passphrase = NULL;
   gchar *crypttab_options = NULL;
+  gchar *escaped_device = NULL;
 
-  object = NULL;
-  error_message = NULL;
-  name = NULL;
-  escaped_name = NULL;
-  udev_cleartext_device = NULL;
-  cleartext_object = NULL;
-
-  error = NULL;
   object = udisks_daemon_util_dup_object (encrypted, &error);
   if (object == NULL)
     {
@@ -350,6 +343,8 @@ handle_unlock (UDisksEncrypted        *encrypted,
       passphrase = crypttab_passphrase;
     }
 
+  escaped_device = g_strescape (udisks_block_get_device (block), NULL);
+
   /* TODO: support a 'readonly' option */
   if (!udisks_daemon_launch_spawned_job_sync (daemon,
                                               object,
@@ -360,7 +355,7 @@ handle_unlock (UDisksEncrypted        *encrypted,
                                               &error_message,
                                               passphrase,  /* input_string */
                                               "cryptsetup luksOpen \"%s\" \"%s\"",
-                                              udisks_block_get_device (block),
+                                              escaped_device,
                                               escaped_name))
     {
       g_dbus_method_invocation_return_error (invocation,
@@ -408,6 +403,7 @@ handle_unlock (UDisksEncrypted        *encrypted,
                                     g_dbus_object_get_object_path (G_DBUS_OBJECT (cleartext_object)));
 
  out:
+  g_free (escaped_device);
   g_free (crypttab_name);
   g_free (crypttab_passphrase);
   g_free (crypttab_options);
@@ -594,9 +590,9 @@ handle_change_passphrase (UDisksEncrypted        *encrypted,
   uid_t caller_uid;
   const gchar *action_id;
   gchar *passphrases = NULL;
-  GError *error;
+  GError *error = NULL;
+  gchar *escaped_device = NULL;
 
-  error = NULL;
   object = udisks_daemon_util_dup_object (encrypted, &error);
   if (object == NULL)
     {
@@ -648,6 +644,8 @@ handle_change_passphrase (UDisksEncrypted        *encrypted,
                                                     invocation))
     goto out;
 
+  escaped_device = g_strescape (udisks_block_get_device (block), NULL);
+
   passphrases = g_strdup_printf ("%s\n%s", passphrase, new_passphrase);
   if (!udisks_daemon_launch_spawned_job_sync (daemon,
                                               object,
@@ -658,7 +656,7 @@ handle_change_passphrase (UDisksEncrypted        *encrypted,
                                               &error_message,
                                               passphrases,  /* input_string */
                                               "cryptsetup luksChangeKey \"%s\"",
-                                              udisks_block_get_device (block)))
+                                              escaped_device))
     {
       g_dbus_method_invocation_return_error (invocation,
                                              UDISKS_ERROR,
@@ -672,6 +670,7 @@ handle_change_passphrase (UDisksEncrypted        *encrypted,
   udisks_encrypted_complete_change_passphrase (encrypted, invocation);
 
  out:
+  g_free (escaped_device);
   g_free (passphrases);
   g_free (error_message);
   g_clear_object (&object);

diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
index 58e09fe..533e6be 100644 (file)
--- a/src/udiskslinuxfilesystem.c
+++ b/src/udiskslinuxfilesystem.c
@@ -559,6 +559,22 @@ subst_str (const gchar *str,
     return result;
 }
 
+static gchar *
+subst_str_and_escape (const gchar *str,
+                      const gchar *from,
+                      const gchar *to)
+{
+  gchar *escaped;
+  gchar *quoted_and_escaped;
+  gchar *ret;
+  escaped = g_strescape (to, NULL);
+  quoted_and_escaped = g_strconcat ("\"", escaped, "\"", NULL);
+  ret = subst_str (str, from, quoted_and_escaped);
+  g_free (quoted_and_escaped);
+  g_free (escaped);
+  return ret;
+}
+
 /* ---------------------------------------------------------------------------------------------------- */
 
 /*
@@ -1070,6 +1086,7 @@ handle_mount (UDisksFilesystem       *filesystem,
   GError *error;
   const gchar *action_id;
   gboolean system_managed;
+  gchar *escaped_device = NULL;
 
   object = NULL;
   error_message = NULL;
@@ -1329,6 +1346,7 @@ handle_mount (UDisksFilesystem       *filesystem,
   escaped_fs_type_to_use       = g_strescape (fs_type_to_use, NULL);
   escaped_mount_options_to_use = g_strescape (mount_options_to_use, NULL);
   escaped_mount_point_to_use   = g_strescape (mount_point_to_use, NULL);
+  escaped_device               = g_strescape (udisks_block_get_device (block), NULL);
 
   /* run mount(8) */
   if (!udisks_daemon_launch_spawned_job_sync (daemon,
@@ -1342,7 +1360,7 @@ handle_mount (UDisksFilesystem       *filesystem,
                                               "mount -t \"%s\" -o \"%s\" \"%s\" \"%s\"",
                                               escaped_fs_type_to_use,
                                               escaped_mount_options_to_use,
-                                              udisks_block_get_device (block),
+                                              escaped_device,
                                               escaped_mount_point_to_use))
     {
       /* ugh, something went wrong.. we need to clean up the created mount point */
@@ -1373,6 +1391,7 @@ handle_mount (UDisksFilesystem       *filesystem,
   udisks_filesystem_complete_mount (filesystem, invocation, mount_point_to_use);
 
  out:
+  g_free (escaped_device);
   g_free (error_message);
   g_free (escaped_fs_type_to_use);
   g_free (escaped_mount_options_to_use);
@@ -1422,6 +1441,7 @@ handle_unmount (UDisksFilesystem       *filesystem,
   gboolean rc;
   gboolean system_managed;
   gboolean fstab_mounted;
+  gchar *escaped_device = NULL;
 
   mount_point = NULL;
   fstab_mount_options = NULL;
@@ -1555,6 +1575,8 @@ handle_unmount (UDisksFilesystem       *filesystem,
         goto out;
     }
 
+  escaped_device = g_strescape (udisks_block_get_device (block), NULL);
+
   /* otherwise go ahead and unmount the filesystem */
   if (mount_point != NULL)
     {
@@ -1584,7 +1606,7 @@ handle_unmount (UDisksFilesystem       *filesystem,
                                                   NULL,  /* input_string */
                                                   "umount %s \"%s\"",
                                                   opt_force ? "-l" : "",
-                                                  udisks_block_get_device (block));
+                                                  escaped_device);
     }
 
   if (!rc)
@@ -1607,6 +1629,7 @@ handle_unmount (UDisksFilesystem       *filesystem,
   udisks_filesystem_complete_unmount (filesystem, invocation);
 
  out:
+  g_free (escaped_device);
   g_free (error_message);
   g_free (escaped_mount_point);
   g_free (mount_point);
@@ -1652,7 +1675,6 @@ handle_set_label (UDisksFilesystem       *filesystem,
   const gchar *probed_fs_type;
   const FSInfo *fs_info;
   UDisksBaseJob *job;
-  gchar *escaped_label;
   const gchar *action_id;
   gchar *command;
   gchar *tmp;
@@ -1660,7 +1682,6 @@ handle_set_label (UDisksFilesystem       *filesystem,
 
   object = NULL;
   daemon = NULL;
-  escaped_label = NULL;
   command = NULL;
 
   error = NULL;
@@ -1752,16 +1773,14 @@ handle_set_label (UDisksFilesystem       *filesystem,
                                                     invocation))
     goto out;
 
-  escaped_label = g_shell_quote (label);
-
   if (fs_info->command_clear_label != NULL && strlen (label) == 0)
     {
-      command = subst_str (fs_info->command_clear_label, "$DEVICE", udisks_block_get_device (block));
+      command = subst_str_and_escape (fs_info->command_clear_label, "$DEVICE", udisks_block_get_device (block));
     }
   else
     {
-      tmp = subst_str (fs_info->command_change_label, "$DEVICE", udisks_block_get_device (block));
-      command = subst_str (tmp, "$LABEL", escaped_label);
+      tmp = subst_str_and_escape (fs_info->command_change_label, "$DEVICE", udisks_block_get_device (block));
+      command = subst_str_and_escape (tmp, "$LABEL", label);
       g_free (tmp);
     }
 
@@ -1778,7 +1797,6 @@ handle_set_label (UDisksFilesystem       *filesystem,
                     invocation);
 
  out:
-  g_free (escaped_label);
   g_free (command);
   g_clear_object (&object);
   return TRUE; /* returning TRUE means that we handled the method invocation */

diff --git a/src/udiskslinuxswapspace.c b/src/udiskslinuxswapspace.c
index 94391da..701e5d1 100644 (file)
--- a/src/udiskslinuxswapspace.c
+++ b/src/udiskslinuxswapspace.c
@@ -159,6 +159,7 @@ handle_start (UDisksSwapspace        *swapspace,
   UDisksBlock *block;
   UDisksBaseJob *job;
   GError *error;
+  gchar *escaped_device = NULL;
 
   error = NULL;
   object = udisks_daemon_util_dup_object (swapspace, &error);
@@ -179,20 +180,23 @@ handle_start (UDisksSwapspace        *swapspace,
                                                     invocation))
     goto out;
 
+  escaped_device = g_strescape (udisks_block_get_device (block), NULL);
+
   job = udisks_daemon_launch_spawned_job (daemon,
                                           object,
                                           NULL, /* cancellable */
                                           0,    /* uid_t run_as_uid */
                                           0,    /* uid_t run_as_euid */
                                           NULL, /* input_string */
-                                          "swapon %s",
-                                          udisks_block_get_device (block));
+                                          "swapon \"%s\"",
+                                          escaped_device);
   g_signal_connect (job,
                     "completed",
                     G_CALLBACK (swapspace_start_on_job_completed),
                     invocation);
 
  out:
+  g_free (escaped_device);
   g_clear_object (&object);
   return TRUE;
 }
@@ -225,6 +229,7 @@ handle_stop (UDisksSwapspace        *swapspace,
   UDisksDaemon *daemon;
   UDisksBlock *block;
   UDisksBaseJob *job;
+  gchar *escaped_device = NULL;
 
   object = UDISKS_OBJECT (g_dbus_interface_get_object (G_DBUS_INTERFACE (swapspace)));
   daemon = udisks_linux_block_object_get_daemon (UDISKS_LINUX_BLOCK_OBJECT (object));
@@ -243,20 +248,23 @@ handle_stop (UDisksSwapspace        *swapspace,
                                                     invocation))
     goto out;
 
+  escaped_device = g_strescape (udisks_block_get_device (block), NULL);
+
   job = udisks_daemon_launch_spawned_job (daemon,
                                           object,
                                           NULL, /* cancellable */
                                           0,    /* uid_t run_as_uid */
                                           0,    /* uid_t run_as_euid */
                                           NULL, /* input_string */
-                                          "swapoff %s",
-                                          udisks_block_get_device (block));
+                                          "swapoff \"%s\"",
+                                          escaped_device);
   g_signal_connect (job,
                     "completed",
                     G_CALLBACK (swapspace_stop_on_job_completed),
                     invocation);
 
  out:
+  g_free (escaped_device);
   return TRUE;
 }