From: Mike Yuan <me@yhndnzj.com>
Date: Thu, 26 Feb 2026 10:06:34 +0000 (+0100)
Subject: [PATCH] core: validate input cgroup path more prudently
X-Git-Tag: archive/raspbian/252.39-1_deb12u2+rpi1^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9ed8a88c561cf653c102043b21a08118940bbe3a;p=systemd.git

[PATCH] core: validate input cgroup path more prudently

(cherry picked from commit efa6ba2ab625aaa160ac435a09e6482fc63bdbe8)
(cherry picked from commit 3cee294fe8cf4fa0eff933ab21416d099942cabd)
(cherry picked from commit 1d22f706bd04f45f8422e17fbde3f56ece17758a)

Origin: upstream, https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f

Gbp-Pq: Name CVE-2026-29111-4.patch
---

diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 9df3153b..ac51a492 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -644,6 +644,12 @@ static int method_get_unit_by_control_group(sd_bus_message *message, void *userd
         if (r < 0)
                 return r;
 
+        if (!path_is_absolute(cgroup))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Control group path is not absolute: %s", cgroup);
+
+        if (!path_is_normalized(cgroup))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Control group path is not normalized: %s", cgroup);
+
         u = manager_get_unit_by_cgroup(m, cgroup);
         if (!u)
                 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT,