path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag

As requested: https://github.com/systemd/systemd/pull/37572#pullrequestreview-2861928094

(cherry picked from commit ceed11e465f1c8efff1931412a85924d9de7c08d)

Origin: backport, https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69

Gbp-Pq: Name CVE-2026-29111-2.patch

diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index 9950ff3e244784735065baa17cc24816dafd1b2f..702331ac1d6cf3d6840cc944981ac310a0a8e152 100644 (file)
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -67,7 +67,7 @@ int rmdir_parents(const char *path, const char *stop) {
                 assert(*slash == '/');
                 *slash = '\0';
 
-                if (path_startswith_full(stop, p, /* flags= */ 0))
+                if (path_startswith_full(stop, p, PATH_STARTSWITH_REFUSE_DOT_DOT))
                         return 0;
 
                 if (rmdir(p) < 0 && errno != ENOENT)

diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
index 478cb693b259723b55560e136c4fa8b1102500dc..c2ec09e7cf39812b93194e28006faf05f7f4d5e5 100644 (file)
--- a/src/basic/mkdir.c
+++ b/src/basic/mkdir.c
@@ -99,7 +99,7 @@ int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, ui
         assert(_mkdirat != mkdirat);
 
         if (prefix) {
-                p = path_startswith_full(path, prefix, /* flags= */ 0);
+                p = path_startswith_full(path, prefix, PATH_STARTSWITH_REFUSE_DOT_DOT);
                 if (!p)
                         return -ENOTDIR;
         } else
@@ -144,7 +144,7 @@ int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, ui
 
                 s[n] = '\0';
 
-                if (!prefix || !path_startswith_full(prefix, path, /* flags= */ 0)) {
+                if (!prefix || !path_startswith_full(prefix, path, PATH_STARTSWITH_REFUSE_DOT_DOT)) {
                         r = mkdir_safe_internal(path, mode, uid, gid, flags | MKDIR_IGNORE_EXISTING, _mkdirat);
                         if (r < 0 && r != -EEXIST)
                                 return r;

diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index 0c2d08c69af2b53f8ab155fd3394fa7b4aac349f..47248c7a0e1f6f63dde8ef1e153cab2cf2eeda9f 100644 (file)
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -422,11 +422,11 @@ char* path_startswith_full(const char *original_path, const char *prefix, PathSt
                 const char *p, *q;
                 int m, n;
 
-                m = path_find_first_component(&path, FLAGS_SET(flags, PATH_STARTSWITH_ACCEPT_DOT_DOT), &p);
+                m = path_find_first_component(&path, !FLAGS_SET(flags, PATH_STARTSWITH_REFUSE_DOT_DOT), &p);
                 if (m < 0)
                         return NULL;
 
-                n = path_find_first_component(&prefix, FLAGS_SET(flags, PATH_STARTSWITH_ACCEPT_DOT_DOT), &q);
+                n = path_find_first_component(&prefix, !FLAGS_SET(flags, PATH_STARTSWITH_REFUSE_DOT_DOT), &q);
                 if (n < 0)
                         return NULL;
 

diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index e083a91aee800b272527abad23a821a8181a4876..33f41503da19eef913830b8a395f701e256611c6 100644 (file)
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -64,13 +64,13 @@ int path_make_relative(const char *from, const char *to, char **ret);
 int path_make_relative_parent(const char *from_child, const char *to, char **ret);
 
 typedef enum PathStartWithFlags {
-        PATH_STARTSWITH_ACCEPT_DOT_DOT       = 1U << 0,
+        PATH_STARTSWITH_REFUSE_DOT_DOT       = 1U << 0,
         PATH_STARTSWITH_RETURN_LEADING_SLASH = 1U << 1,
 } PathStartWithFlags;
 
 char* path_startswith_full(const char *path, const char *prefix, PathStartWithFlags flags) _pure_;
 static inline char* path_startswith(const char *path, const char *prefix) {
-        return path_startswith_full(path, prefix, PATH_STARTSWITH_ACCEPT_DOT_DOT);
+        return path_startswith_full(path, prefix, 0);
 }
 int path_compare(const char *a, const char *b) _pure_;