core/cgroup: avoid one unnecessary strjoina()

(cherry picked from commit 42aee39107fbdd7db1ccd402a2151822b2805e9f)
(cherry picked from commit 80acea4ef80a4bb78560ed970c34952299b890d6)
(cherry picked from commit b5fd14693057e5f2c9b4a49603be64ec3608ff6c)

Origin: backport, https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412

Gbp-Pq: Name CVE-2026-29111-3.patch

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 7dc6c20bb7a019021ad02a4e031f507acf6667be..946962cc8d8bd8bb9e1147e92f0580b2e56eb60c 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -1930,12 +1930,13 @@ static int unit_update_cgroup(
         return 0;
 }
 
-static int unit_attach_pid_to_cgroup_via_bus(Unit *u, pid_t pid, const char *suffix_path) {
+static int unit_attach_pid_to_cgroup_via_bus(Unit *u, const char *cgroup_path, pid_t pid) {
         _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char *pp;
         int r;
 
         assert(u);
+        assert(cgroup_path);
+        assert(pid_is_valid(pid));
 
         if (MANAGER_IS_SYSTEM(u->manager))
                 return -EINVAL;
@@ -1943,17 +1944,13 @@ static int unit_attach_pid_to_cgroup_via_bus(Unit *u, pid_t pid, const char *suf
         if (!u->manager->system_bus)
                 return -EIO;
 
-        if (!u->cgroup_path)
-                return -EINVAL;
-
         /* Determine this unit's cgroup path relative to our cgroup root */
-        pp = path_startswith(u->cgroup_path, u->manager->cgroup_root);
+        const char *pp = path_startswith_full(cgroup_path,
+                                              u->manager->cgroup_root,
+                                              PATH_STARTSWITH_RETURN_LEADING_SLASH|PATH_STARTSWITH_REFUSE_DOT_DOT);
         if (!pp)
                 return -EINVAL;
 
-        pp = strjoina("/", pp, suffix_path);
-        path_simplify(pp, false);
-
         r = sd_bus_call_method(u->manager->system_bus,
                                "org.freedesktop.systemd1",
                                "/org/freedesktop/systemd1",
@@ -1993,9 +1990,12 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
                 return r;
 
         if (isempty(suffix_path))
-                p = u->cgroup_path;
-        else
+                p = empty_to_root(u->cgroup_path);
+        else {
+                assert(path_is_absolute(suffix_path));
+
                 p = prefix_roota(u->cgroup_path, suffix_path);
+        }
 
         delegated_mask = unit_get_delegate_mask(u);
 
@@ -2017,7 +2017,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
                                  * privileged it might be able to move the process across the leaves of a subtree who's
                                  * top node is not owned by us. */
 
-                                z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path);
+                                z = unit_attach_pid_to_cgroup_via_bus(u, p, pid);
                                 if (z < 0)
                                         log_unit_debug_errno(u, z, "Couldn't move process " PID_FMT " to requested cgroup '%s' via the system bus either: %m", pid, p);
                                 else