core: validate input cgroup path more prudently

author Mike Yuan <me@yhndnzj.com>

Thu, 26 Feb 2026 10:06:34 +0000 (11:06 +0100)

committer Arnaud Rebillout <arnaudr@debian.org>

Mon, 13 Apr 2026 07:18:40 +0000 (14:18 +0700)
author Mike Yuan <me@yhndnzj.com>
Thu, 26 Feb 2026 10:06:34 +0000 (11:06 +0100)
committer Arnaud Rebillout <arnaudr@debian.org>
Mon, 13 Apr 2026 07:18:40 +0000 (14:18 +0700)
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c

index b37ed7c8621dac89a0555dc026461c07c43f1653..8385d7ca2a7f3f4e11cb55135799ee3e96594217 100644 (file)
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -549,6 +549,12 @@ static int method_get_unit_by_control_group(sd_bus_message *message, void *userd
          if (r < 0)
                  return r;
  
+        if (!path_is_absolute(cgroup))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Control group path is not absolute: %s", cgroup);
+
+        if (!path_is_normalized(cgroup))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Control group path is not normalized: %s", cgroup);
+
          u = manager_get_unit_by_cgroup(m, cgroup);
          if (!u)
                  return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Control group '%s' is not valid or not managed by this instance", cgroup);
author	Mike Yuan <me@yhndnzj.com>
	Thu, 26 Feb 2026 10:06:34 +0000 (11:06 +0100)
committer	Arnaud Rebillout <arnaudr@debian.org>
	Mon, 13 Apr 2026 07:18:40 +0000 (14:18 +0700)