shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-05 13:18:06 +03:00
Code

network: refuse files under API VFS specified in PrivateKeyFile= and friends

Browse Source 
Addresses https://github.com/systemd/systemd/pull/34013#discussion_r1719890231.
This commit is contained in:
Yu Watanabe 2024-08-17 02:01:51 +09:00
parent 4bf1a2c383
commit c53a28cea1
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/network/netdev/macsec.c
View File

@ -777,7 +777,7 @@ int config_parse_macsec_key_file(
if (!path)
return log_oom();
if (path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue) < 0)
if (path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE|PATH_CHECK_NON_API_VFS, unit, filename, line, lvalue) < 0)
return 0;
free_and_replace(*dest, path);

4
src/network/netdev/wireguard.c
View File

@ -574,7 +574,7 @@ int config_parse_wireguard_private_key_file(
if (!path)
return log_oom();
if (path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue) < 0)
if (path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE|PATH_CHECK_NON_API_VFS, unit, filename, line, lvalue) < 0)
return 0;
return free_and_replace(w->private_key_file, path);
@ -652,7 +652,7 @@ int config_parse_wireguard_peer_key_file(
if (!path)
return log_oom();
if (path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue) < 0)
if (path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE|PATH_CHECK_NON_API_VFS, unit, filename, line, lvalue) < 0)
return 0;
free_and_replace(*key_file, path);