morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 17:06:39 +09:00
Code Issues Packages Projects Releases Wiki Activity

util: move filename_is_valid() and path_is_safe() to path-util.[ch]

Browse Source
This commit is contained in:
Lennart Poettering
2015-10-26 18:59:36 +01:00
parent 4349cd7c1d
commit bb15fafe9c
13 changed files with 66 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/basic/locale-util.c
View File

@@ -23,6 +23,7 @@
#include "fd-util.h"
#include "locale-util.h"
#include "path-util.h"
#include "set.h"
#include "string-util.h"
#include "strv.h"

1
src/basic/lockfile-util.c
View File

@@ -30,6 +30,7 @@
#include "fd-util.h"
#include "fileio.h"
#include "lockfile-util.h"
#include "path-util.h"
#include "util.h"
int make_lock_file(const char *p, int operation, LockFile *ret) {

43
src/basic/path-util.c
View File

@@ -723,3 +723,46 @@ char* dirname_malloc(const char *path) {
return dir2;
}
bool filename_is_valid(const char *p) {
const char *e;
if (isempty(p))
return false;
if (streq(p, "."))
return false;
if (streq(p, ".."))
return false;
e = strchrnul(p, '/');
if (*e != 0)
return false;
if (e - p > FILENAME_MAX)
return false;
return true;
}
bool path_is_safe(const char *p) {
if (isempty(p))
return false;
if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
return false;
if (strlen(p)+1 > PATH_MAX)
return false;
/* The following two checks are not really dangerous, but hey, they still are confusing */
if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
return false;
if (strstr(p, "//"))
return false;
return true;
}

3
src/basic/path-util.h
View File

@@ -102,3 +102,6 @@ char *prefix_root(const char *root, const char *path);
int parse_path_argument_and_warn(const char *path, bool suppress_root, char **arg);
char* dirname_malloc(const char *path);
bool filename_is_valid(const char *p) _pure_;
bool path_is_safe(const char *p) _pure_;

41
src/basic/util.c
View File

@@ -1439,26 +1439,6 @@ bool in_initrd(void) {
return saved;
}
bool filename_is_valid(const char *p) {
if (isempty(p))
return false;
if (strchr(p, '/'))
return false;
if (streq(p, "."))
return false;
if (streq(p, ".."))
return false;
if (strlen(p) > FILENAME_MAX)
return false;
return true;
}
bool string_is_safe(const char *p) {
const char *t;
@@ -1476,27 +1456,6 @@ bool string_is_safe(const char *p) {
return true;
}
bool path_is_safe(const char *p) {
if (isempty(p))
return false;
if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
return false;
if (strlen(p)+1 > PATH_MAX)
return false;
/* The following two checks are not really dangerous, but hey, they still are confusing */
if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
return false;
if (strstr(p, "//"))
return false;
return true;
}
/* hey glibc, APIs with callbacks without a user pointer are so useless */
void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
int (*compar) (const void *, const void *, void *), void *arg) {

2
src/basic/util.h
View File

@@ -303,8 +303,6 @@ _alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t a, size_
return memdup(p, a * b);
}
bool filename_is_valid(const char *p) _pure_;
bool path_is_safe(const char *p) _pure_;
bool string_is_safe(const char *p) _pure_;
/**