nspawn: properly validate machine names

[elogind.git] / src / nspawn / nspawn.c

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 932696aa9e1fae860c930f7a7ef656003774cb78..e1e1c367f0250437f3ce621e2d9bf5b9aabccc22 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -90,6 +90,7 @@
 #include "base-filesystem.h"
 #include "barrier.h"
 #include "event-util.h"
+#include "cap-list.h"
 
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
@@ -368,15 +369,13 @@ static int parse_argv(int argc, char *argv[]) {
                                 free(arg_machine);
                                 arg_machine = NULL;
                         } else {
-
-                                if (!hostname_is_valid(optarg)) {
+                                if (!machine_name_is_valid(optarg)) {
                                         log_error("Invalid machine name: %s", optarg);
                                         return -EINVAL;
                                 }
 
-                                free(arg_machine);
-                                arg_machine = strdup(optarg);
-                                if (!arg_machine)
+                                r = free_and_strdup(&arg_machine, optarg);
+                                if (r < 0)
                                         return log_oom();
 
                                 break;
@@ -401,7 +400,6 @@ static int parse_argv(int argc, char *argv[]) {
 
                         FOREACH_WORD_SEPARATOR(word, length, optarg, ",", state) {
                                 _cleanup_free_ char *t;
-                                cap_value_t cap;
 
                                 t = strndup(word, length);
                                 if (!t)
@@ -413,7 +411,10 @@ static int parse_argv(int argc, char *argv[]) {
                                         else
                                                 minus = (uint64_t) -1;
                                 } else {
-                                        if (cap_from_name(t, &cap) < 0) {
+                                        int cap;
+
+                                        cap = capability_from_name(t);
+                                        if (cap < 0) {
                                                 log_error("Failed to parse capability %s.", t);
                                                 return -EINVAL;
                                         }