util: be a bit safer in path_is_safe()

[elogind.git] / src / shared / util.c

diff --git a/src/shared/util.c b/src/shared/util.c
index f9094cc7e51666be217005953e3109b2b852ceb6..f904d03257f1b63e43d578ddd5c65b0b3aee744a 100644 (file)
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -350,7 +350,6 @@ int parse_uid(const char *s, uid_t* ret_uid) {
         int r;
 
         assert(s);
-        assert(ret_uid);
 
         r = safe_atolu(s, &ul);
         if (r < 0)
@@ -369,7 +368,9 @@ int parse_uid(const char *s, uid_t* ret_uid) {
         if (uid == (uid_t) 0xFFFF)
                 return -ENXIO;
 
-        *ret_uid = uid;
+        if (ret_uid)
+                *ret_uid = uid;
+
         return 0;
 }
 
@@ -3917,7 +3918,7 @@ bool path_is_safe(const char *p) {
         if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
                 return false;
 
-        if (strlen(p) > PATH_MAX)
+        if (strlen(p)+1 > PATH_MAX)
                 return false;
 
         /* The following two checks are not really dangerous, but hey, they still are confusing */