From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 11 Mar 2026 13:27:14 +0000 (+0000)
Subject: [PATCH] nspawn: normalize pivot_root paths
X-Git-Tag: archive/raspbian/247.3-7+rpi1+deb11u8^2~1
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/%22mailto:tmurad%40gmail.com//%22mailto:i18n-csb%40linuxcsb.org/%22/%22http:/www.example.com/%22mailto:tmurad%40gmail.com/%22mailto:i18n-csb%40linuxcsb.org/%22?a=commitdiff_plain;h=4b7ce48149a22351e82fe4fa27db2634dfacdbd9;p=systemd.git

[PATCH] nspawn: normalize pivot_root paths

Originally reported on yeswehack.com as:
YWH-PGM9780-116

Follow-up for b53ede699cdc5233041a22591f18863fb3fe2672

(cherry picked from commit 7b85f5498a958e5bb660c703b8f4a71cceed3373)
(cherry picked from commit 6566dc1451089e07090f5a114ae2eb43ed39188d)
(cherry picked from commit 1c55a0a5e26a07df828f72092ad1203e221b60db)

Origin: upstream, https://github.com/systemd/systemd/commit/bfa0a842822c4f79da9d47f8a773fd128d8f8a0a

Gbp-Pq: Name CVE-2026-40226-2.patch
---

diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 2ea1bed3..2e8ed134 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -1217,7 +1217,9 @@ int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s
 
         if (!path_is_absolute(root_new))
                 return -EINVAL;
-        if (root_old && !path_is_absolute(root_old))
+        if (!path_is_normalized(root_new))
+                return -EINVAL;
+        if (root_old && (!path_is_absolute(root_old) || !path_is_normalized(root_old)))
                 return -EINVAL;
 
         free_and_replace(*pivot_root_new, root_new);