From: Lennart Poettering Date: Mon, 11 Jun 2018 10:22:58 +0000 (+0200) Subject: core: rework how we validate DeviceAllow= settings X-Git-Tag: v239~94^2~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=57e84e7535f9b3578313ecdf9f33c8348217a268;p=platform%2Fupstream%2Fsystemd.git core: rework how we validate DeviceAllow= settings Let's make sure we don't validate "char-*" and "block-*" expressions as paths.
---
diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index f36301c..062b951 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -893,10 +893,31 @@ bool is_device_path(const char *path) {
 path_startswith(path, "/sys/");
 }
-bool is_deviceallow_pattern(const char *path) {
- return path_startswith(path, "/dev/") ||
- startswith(path, "block-") ||
- startswith(path, "char-");
+bool valid_device_node_path(const char *path) {
+
+ /* Some superficial checks whether the specified path is a valid device node path, all without looking at the
+ * actual device node. */
+
+ if (!PATH_STARTSWITH_SET(path, "/dev/", "/run/systemd/inaccessible/"))
+ return false;
+
+ if (endswith(path, "/")) /* can't be a device node if it ends in a slash */
+ return false;
+
+ return path_is_normalized(path);
+}
+
+bool valid_device_allow_pattern(const char *path) {
+ assert(path);
+
+ /* Like valid_device_node_path(), but also allows full-subsystem expressions, like DeviceAllow= and DeviceDeny=
+ * accept it */
+
+ if (startswith(path, "block-") ||
+ startswith(path, "char-"))
+ return true;
+
+ return valid_device_node_path(path);
+}
 int systemd_installation_has_version(const char *root, unsigned minimal_version) {
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index d8a923d..486046f 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
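Review bot: In `valid_device_allow_pattern()` the subsystem branch returns true for any string that merely starts with "block-" or "char-", so a bare `block-`/`char-` with an empty subsystem name, or a remainder containing whitespace, is reported as valid without any further check, and the whitespace rule is left to each caller. If startswith() yields the remainder here as it does elsewhere in this codebase, the branch can be tightened to `e = startswith(path, "block-"); if (!e) e = startswith(path, "char-"); if (e) return !isempty(e);`, which at least rejects the degenerate empty pattern at the single shared point. `valid_device_node_path()` also lacks the `assert(path);` its sibling carries, so a NULL from a caller reaches PATH_STARTSWITH_SET() first; adding the assertion keeps the two helpers consistent. The comment on `valid_device_allow_pattern()` names a DeviceDeny= setting that nothing else in this diff refers to; if no such setting exists, the comment should say `DeviceAllow=` (and DevicePolicy=, if that is what was meant) instead.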
@@ -147,7 +147,9 @@ char *file_in_same_dir(const char *path, const char *filename);
 bool hidden_or_backup_file(const char *filename) _pure_;
 bool is_device_path(const char *path);
-bool is_deviceallow_pattern(const char *path);
+
+bool valid_device_node_path(const char *path);
+bool valid_device_allow_pattern(const char *path);
 int systemd_installation_has_version(const char *root, unsigned minimal_version);
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 194b537..4eb7226 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -1059,15 +1059,12 @@ int bus_cgroup_set_property(
 while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) {
- if ((!is_deviceallow_pattern(path) &&
- !path_startswith(path, "/run/systemd/inaccessible/")) ||
- strpbrk(path, WHITESPACE))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node");
+ if (!valid_device_allow_pattern(path) || strpbrk(path, WHITESPACE))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node or pattern");
 if (isempty(rwm)) rwm = "rwm";
-
- if (!in_charset(rwm, "rwm"))
+ else if (!in_charset(rwm, "rwm"))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags");
 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 2d8525c..935f6be 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
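Review bot: The bus setter validates `path` exactly as received, while the unit-file parser changed in this same commit runs path_simplify_and_warn() before calling valid_device_node_path(), so a node written as `/dev//sda` or `/dev/./sda` is accepted from a fragment but rejected here with INVALID_ARGS as soon as path_is_normalized() sees it. If the stricter contract for the D-Bus API is intended it deserves a comment on the new `if`, e.g. `/* Unlike the unit file parser we do not normalize here: bus clients must pass an already normalized node path or a block-/char- pattern */`; otherwise simplify a copy before validating. The whitespace rejection likewise lives only at this call site rather than inside valid_device_allow_pattern(), so the two entry points enforce different rules for the same setting; folding `strpbrk(path, WHITESPACE)` into the helper, or a shared wrapper both callers use, would keep them aligned. bus_cgroup_set_property() begins before this hunk and continues after it.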
@@ -3234,14 +3234,16 @@ int config_parse_device_allow(
 return 0;
 }
- r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
- if (r < 0)
- return 0;
+ if (!startswith(resolved, "block-") && !startswith(resolved, "char-")) {
- if (!is_deviceallow_pattern(resolved) &&
- !path_startswith(resolved, "/run/systemd/inaccessible/")) {
- log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
- return 0;
+ r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
+ if (r < 0)
+ return 0;
+
+ if (!valid_device_node_path(resolved)) {
+ log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
+ return 0;
+ }
 }
 if (!isempty(p) && !in_charset(p, "rwm")) {
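Review bot: Values beginning with "block-" or "char-" now bypass validation entirely on the unit-file side: the subsystem name after the prefix is never checked for being empty or containing whitespace, whereas the bus setter in dbus-cgroup.c in this same commit at least rejects whitespace, so the two entry points accept different inputs for the same setting. If startswith() returns the remainder as elsewhere in systemd, an `else` arm can reject the degenerate cases with `log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device subsystem pattern '%s', ignoring.", resolved); return 0;` when that remainder is empty or contains whitespace. The prefix test also duplicates the one inside valid_device_allow_pattern(); a one-line comment on the new `if`, such as `/* "block-"/"char-" name a whole device subsystem, not a node path: skip simplification and path checks */`, would make the intentional split clear to the next reader. config_parse_device_allow() begins before this hunk and continues after it (the rwm check at the end is cut off).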