From d9f7305fd73718f7e33de96b18efc639cb13b0bf Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 19 Dec 2017 15:34:04 +0900 Subject: [PATCH] cgroup: move path checking logic to dbus-cgroup.c --- src/core/dbus-cgroup.c | 18 ++++++++++++++---- src/shared/bus-unit-util.c | 34 ++++++++-------------------------- 2 files changed, 22 insertions(+), 30 deletions(-) diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c index abca4e1..70dca6c 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c @@ -630,6 +630,9 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { + if (!path_startswith(path, "/dev")) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); + if (!UNIT_WRITE_FLAGS_NOOP(flags)) { CGroupIODeviceLimit *a = NULL, *b; @@ -714,6 +717,9 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { + if (!path_startswith(path, "/dev")) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); + if (!CGROUP_WEIGHT_IS_OK(weight) || weight == CGROUP_WEIGHT_INVALID) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "IODeviceWeight= value out of range"); @@ -855,6 +861,9 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { + if (!path_startswith(path, "/dev")) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); + if (!UNIT_WRITE_FLAGS_NOOP(flags)) { CGroupBlockIODeviceBandwidth *a = NULL, *b; @@ -951,6 +960,9 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { + if (!path_startswith(path, "/dev")) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); + if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight) || weight == CGROUP_BLKIO_WEIGHT_INVALID) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "BlockIODeviceWeight= out of range"); @@ -1170,10 +1182,8 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) { - if ((!path_startswith(path, "/dev/") && - !path_startswith(path, "/run/systemd/inaccessible/") && - !startswith(path, "block-") && - !startswith(path, "char-")) || + if ((!is_deviceallow_pattern(path) && + !path_startswith(path, "/run/systemd/inaccessible/")) || strpbrk(path, WHITESPACE)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node"); diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index b406bdd..6940f35 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -480,23 +480,15 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons if (isempty(eq)) r = sd_bus_message_append(m, "(sv)", field, "a(ss)", 0); else { - const char *path, *rwm, *e; + const char *path = eq, *rwm = NULL, *e; e = strchr(eq, ' '); if (e) { path = strndupa(eq, e - eq); rwm = e+1; - } else { - path = eq; - rwm = ""; - } - - if (!is_deviceallow_pattern(path)) { - log_error("%s is not a device file in /dev.", path); - return -EINVAL; } - r = sd_bus_message_append(m, "(sv)", field, "a(ss)", 1, path, rwm); + r = sd_bus_message_append(m, "(sv)", field, "a(ss)", 1, path, strempty(rwm)); } if (r < 0) @@ -514,18 +506,13 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons uint64_t bytes; e = strchr(eq, ' '); - if (e) { - path = strndupa(eq, e - eq); - bandwidth = e+1; - } else { + if (!e) { log_error("Failed to parse %s value %s.", field, eq); return -EINVAL; } - if (!path_startswith(path, "/dev")) { - log_error("%s is not a device file in /dev.", path); - return -EINVAL; - } + path = strndupa(eq, e - eq); + bandwidth = e+1; if (streq(bandwidth, "infinity")) { bytes = CGROUP_LIMIT_MAX; @@ -553,18 +540,13 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons uint64_t u; e = strchr(eq, ' '); - if (e) { - path = strndupa(eq, e - eq); - weight = e+1; - } else { + if (!e) { log_error("Failed to parse %s value %s.", field, eq); return -EINVAL; } - if (!path_startswith(path, "/dev")) { - log_error("%s is not a device file in /dev.", path); - return -EINVAL; - } + path = strndupa(eq, e - eq); + weight = e+1; r = safe_atou64(weight, &u); if (r < 0) -- 2.7.4