use strneq instead of strncmp

[elogind.git] / src / locale / localed.c

diff --git a/src/locale/localed.c b/src/locale/localed.c
index 667c5d19706de0fd305535538294ab525c8efc02..fedcdfb373c83899a2fcf12357f6cf1ce233b4f6 100644 (file)
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -31,6 +31,7 @@
 #include "dbus-common.h"
 #include "polkit.h"
 #include "def.h"
+#include "env-util.h"
 
 #define INTERFACE                                                       \
         " <interface name=\"org.freedesktop.locale1\">\n"               \
@@ -567,7 +568,7 @@ static int write_data_x11(void) {
                 return 0;
         }
 
-        mkdir_parents_label("/etc/X11/xorg.conf.d", 0755);
+        mkdir_p_label("/etc/X11/xorg.conf.d", 0755);
 
         r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
         if (r < 0)
@@ -853,7 +854,7 @@ static int convert_x11_to_vconsole(DBusConnection *connection) {
                                  * layout stripped off. */
                                 if (x > 0 &&
                                     strlen(a[1]) == x &&
-                                    strncmp(state.x11_layout, a[1], x) == 0)
+                                    strneq(state.x11_layout, a[1], x))
                                         matching = 5;
                                 else  {
                                         size_t w;
@@ -1039,7 +1040,9 @@ static DBusHandlerResult locale_message_handler(
                                 size_t k;
 
                                 k = strlen(names[p]);
-                                if (startswith(*i, names[p]) && (*i)[k] == '=') {
+                                if (startswith(*i, names[p]) &&
+                                    (*i)[k] == '=' &&
+                                    string_is_safe((*i) + k + 1)) {
                                         valid = true;
                                         passed[p] = true;
 
@@ -1123,7 +1126,9 @@ static DBusHandlerResult locale_message_handler(
                                         "Locale\0");
                         if (!changed)
                                 goto oom;
-                }
+                } else
+                        strv_free(l);
+
         } else if (dbus_message_is_method_call(message, "org.freedesktop.locale1", "SetVConsoleKeyboard")) {
 
                 const char *keymap, *keymap_toggle;
@@ -1148,6 +1153,10 @@ static DBusHandlerResult locale_message_handler(
                 if (!streq_ptr(keymap, state.vc_keymap) ||
                     !streq_ptr(keymap_toggle, state.vc_keymap_toggle)) {
 
+                        if ((keymap && (!filename_is_safe(keymap) || !string_is_safe(keymap))) ||
+                            (keymap_toggle && (!filename_is_safe(keymap_toggle) || !string_is_safe(keymap_toggle))))
+                                return bus_send_error_reply(connection, message, NULL, -EINVAL);
+
                         r = verify_polkit(connection, message, "org.freedesktop.locale1.set-keyboard", interactive, NULL, &error);
                         if (r < 0)
                                 return bus_send_error_reply(connection, message, &error, r);
@@ -1218,6 +1227,12 @@ static DBusHandlerResult locale_message_handler(
                     !streq_ptr(variant, state.x11_variant) ||
                     !streq_ptr(options, state.x11_options)) {
 
+                        if ((layout && !string_is_safe(layout)) ||
+                            (model && !string_is_safe(model)) ||
+                            (variant && !string_is_safe(variant)) ||
+                            (options && !string_is_safe(options)))
+                                return bus_send_error_reply(connection, message, NULL, -EINVAL);
+
                         r = verify_polkit(connection, message, "org.freedesktop.locale1.set-keyboard", interactive, NULL, &error);
                         if (r < 0)
                                 return bus_send_error_reply(connection, message, &error, r);