From 7452c3ff525d23baf6dc723ad3342d289a3d5932 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 18 Oct 2018 13:33:00 +0200
Subject: binfmt: validate rule file name before using it

---
 src/binfmt/binfmt.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/binfmt')

diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
index 55f700c089..0e5ca1a7e8 100644
--- a/src/binfmt/binfmt.c
+++ b/src/binfmt/binfmt.c
@@ -15,6 +15,7 @@
 #include "fileio.h"
 #include "log.h"
 #include "pager.h"
+#include "path-util.h"
 #include "string-util.h"
 #include "strv.h"
 #include "terminal-util.h"
@@ -27,6 +28,7 @@ static int delete_rule(const char *rule) {
         _cleanup_free_ char *x = NULL, *fn = NULL;
         char *e;
 
+        assert(rule);
         assert(rule[0]);
 
         x = strdup(rule);
@@ -36,6 +38,11 @@ static int delete_rule(const char *rule) {
         e = strchrnul(x+1, x[0]);
         *e = 0;
 
+        if (!filename_is_valid(x + 1)) {
+                log_error("Rule file name '%s' is not valid, refusing.", x+1);
+                return -EINVAL;
+        }
+
         fn = strappend("/proc/sys/fs/binfmt_misc/", x+1);
         if (!fn)
                 return log_oom();
@@ -46,7 +53,7 @@ static int delete_rule(const char *rule) {
 static int apply_rule(const char *rule) {
         int r;
 
-        delete_rule(rule);
+        (void) delete_rule(rule);
 
         r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, 0);
         if (r < 0)
-- 
cgit v1.2.1