diff --git a/src/basic/path-util.c b/src/basic/path-util.c index 995f39f16e..221517303e 100644 --- a/src/basic/path-util.c +++ b/src/basic/path-util.c @@ -1139,5 +1139,12 @@ int path_simplify_and_warn( return -EINVAL; } + if (!path_is_valid(path)) { + log_syntax(unit, LOG_ERR, filename, line, 0, + "%s= path has invalid length (%zu bytes)%s.", + lvalue, strlen(path), fatal ? "" : ", ignoring"); + return -EINVAL; + } + return 0; } diff --git a/src/basic/path-util.h b/src/basic/path-util.h index 78db41b855..094aa47c01 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -97,12 +97,24 @@ int mkfs_exists(const char *fstype); /* Iterates through the path prefixes of the specified path, going up * the tree, to root. Also returns "" (and not "/"!) for the root * directory. Excludes the specified directory itself */ -#define PATH_FOREACH_PREFIX(prefix, path) \ - for (char *_slash = ({ path_simplify(strcpy(prefix, path), false); streq(prefix, "/") ? NULL : strrchr(prefix, '/'); }); _slash && ((*_slash = 0), true); _slash = strrchr((prefix), '/')) +#define PATH_FOREACH_PREFIX(prefix, path) \ + for (char *_slash = ({ \ + path_simplify(strcpy(prefix, path), false); \ + streq(prefix, "/") ? NULL : strrchr(prefix, '/'); \ + }); \ + _slash && ((*_slash = 0), true); \ + _slash = strrchr((prefix), '/')) /* Same as PATH_FOREACH_PREFIX but also includes the specified path itself */ -#define PATH_FOREACH_PREFIX_MORE(prefix, path) \ - for (char *_slash = ({ path_simplify(strcpy(prefix, path), false); if (streq(prefix, "/")) prefix[0] = 0; strrchr(prefix, 0); }); _slash && ((*_slash = 0), true); _slash = strrchr((prefix), '/')) +#define PATH_FOREACH_PREFIX_MORE(prefix, path) \ + for (char *_slash = ({ \ + path_simplify(strcpy(prefix, path), false); \ + if (streq(prefix, "/")) \ + prefix[0] = 0; \ + strrchr(prefix, 0); \ + }); \ + _slash && ((*_slash = 0), true); \ + _slash = strrchr((prefix), '/')) char *prefix_root(const char *root, const char *path); diff --git a/src/core/device.c b/src/core/device.c index ec05695e57..960f403718 100644 --- a/src/core/device.c +++ b/src/core/device.c @@ -839,7 +839,7 @@ static void device_enumerate(Manager *m) { r = sd_device_enumerator_new(&e); if (r < 0) { - log_error_errno(r, "Failed to alloacte device enumerator: %m"); + log_error_errno(r, "Failed to allocate device enumerator: %m"); goto fail; } diff --git a/src/core/manager.c b/src/core/manager.c index 871047e628..2398dcf4ea 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -2222,7 +2222,7 @@ static unsigned manager_dispatch_dbus_queue(Manager *m) { static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) { Manager *m = userdata; - char buf[PATH_MAX+1]; + char buf[PATH_MAX]; ssize_t n; n = recv(fd, buf, sizeof(buf), 0); diff --git a/src/core/unit.c b/src/core/unit.c index e1b6e9f11c..a9303a0f3f 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4580,7 +4580,6 @@ int unit_kill_context( int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask) { _cleanup_free_ char *p = NULL; - char *prefix; UnitDependencyInfo di; int r; @@ -4620,7 +4619,7 @@ int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask) return r; p = NULL; - prefix = alloca(strlen(path) + 1); + char prefix[strlen(path) + 1]; PATH_FOREACH_PREFIX_MORE(prefix, path) { Set *x; diff --git a/test/fuzz/fuzz-unit-file/oss-fuzz-11569 b/test/fuzz/fuzz-unit-file/oss-fuzz-11569 new file mode 100644 index 0000000000..c49b8c6b1c Binary files /dev/null and b/test/fuzz/fuzz-unit-file/oss-fuzz-11569 differ