morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 16:37:19 +09:00
Code Issues Packages Projects Releases Wiki Activity

bootctl: be more careful when opening arbitrary files from ESP

Browse Source 
Let's refuse all kind of weird stuff early.

As suggested here: https://github.com/systemd/systemd/pull/30418#pullrequestreview-2128220792
This commit is contained in:
Lennart Poettering
2025-06-20 13:59:04 +02:00
parent da993edcf7
commit 95df8288c7
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/bootctl/bootctl-install.c
View File

@@ -352,9 +352,9 @@ static int update_efi_boot_binaries(const char *esp_path, const char *source_pat
if (!endswith_no_case(de->d_name, ".efi"))
continue;
fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
fd = xopenat_full(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, XO_REGULAR, /* mode= */ 0);
if (fd < 0)
return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
return log_error_errno(fd, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
r = get_file_version(fd, &v);
if (r == -ESRCH)
@@ -1105,9 +1105,9 @@ static int remove_boot_efi(const char *esp_path) {
if (!endswith_no_case(de->d_name, ".efi"))
continue;
fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
fd = xopenat_full(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, XO_REGULAR, /* mode= */ 0);
if (fd < 0)
return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
return log_error_errno(fd, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
r = get_file_version(fd, &v);
if (r == -ESRCH)