From: Mike Yuan Date: Thu, 26 Feb 2026 10:06:34 +0000 (+0100) Subject: core: validate input cgroup path more prudently X-Git-Tag: archive/raspbian/247.3-7+rpi1+deb11u8^2~4 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/%22mailto:kde%40ewsoftware.de/%22style.css//%22http:www.pckurd.net/%22/%22http:/www.example.com/%22mailto:kde%40ewsoftware.de/%22style.css/%22http:www.pckurd.net/%22?a=commitdiff_plain;h=7d97def352469d35b1d743347020d76e95bac237;p=systemd.git core: validate input cgroup path more prudently (cherry picked from commit efa6ba2ab625aaa160ac435a09e6482fc63bdbe8) (cherry picked from commit 3cee294fe8cf4fa0eff933ab21416d099942cabd) (cherry picked from commit 1d22f706bd04f45f8422e17fbde3f56ece17758a) Origin: backport, https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f Gbp-Pq: Name CVE-2026-29111-4.patch --- diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index b37ed7c8..8385d7ca 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -549,6 +549,12 @@ static int method_get_unit_by_control_group(sd_bus_message *message, void *userd if (r < 0) return r; + if (!path_is_absolute(cgroup)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Control group path is not absolute: %s", cgroup); + + if (!path_is_normalized(cgroup)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Control group path is not normalized: %s", cgroup); + u = manager_get_unit_by_cgroup(m, cgroup); if (!u) return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Control group '%s' is not valid or not managed by this instance", cgroup);