diff options
author | Lennart Poettering <lennart@poettering.net> | 2017-07-14 19:03:32 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2017-07-31 18:20:28 +0200 |
commit | 7a1f1aaa789ae37b548bf55795e1733a21856c85 (patch) | |
tree | cf7f9af5549e0b05f1b3f6b887bfb64e6e9cb906 | |
parent | ec6fe7c86ab767e9fe6d9d5338e4716f9688f360 (diff) | |
download | systemd-7a1f1aaa789ae37b548bf55795e1733a21856c85.tar.gz |
journald: only accept valid unit names for log streams
Let's be a bit stricter in what we end up logging: ignore invalid unit
name specifications. Let's validate all input!
As we ignore unit names passed in from unprivileged clients anyway the
effect of this additional check is minimal.
(Also, no need to initialize the identifier/unit_id fields of stream
objects to NULL if empty strings are passed, the default is NULL
anyway...)
-rw-r--r-- | src/journal/journald-stream.c | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c index 77551dc14b..ec10d7aedf 100644 --- a/src/journal/journald-stream.c +++ b/src/journal/journald-stream.c @@ -46,6 +46,7 @@ #include "stdio-util.h" #include "string-util.h" #include "syslog-util.h" +#include "unit-name.h" #define STDOUT_STREAMS_MAX 4096 @@ -295,9 +296,7 @@ static int stdout_stream_line(StdoutStream *s, char *p) { switch (s->state) { case STDOUT_STREAM_IDENTIFIER: - if (isempty(p)) - s->identifier = NULL; - else { + if (!isempty(p)) { s->identifier = strdup(p); if (!s->identifier) return log_oom(); @@ -307,14 +306,12 @@ static int stdout_stream_line(StdoutStream *s, char *p) { return 0; case STDOUT_STREAM_UNIT_ID: - if (s->ucred.uid == 0) { - if (isempty(p)) - s->unit_id = NULL; - else { - s->unit_id = strdup(p); - if (!s->unit_id) - return log_oom(); - } + if (s->ucred.uid == 0 && + unit_name_is_valid(p, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) { + + s->unit_id = strdup(p); + if (!s->unit_id) + return log_oom(); } s->state = STDOUT_STREAM_PRIORITY; |