do not allow kernel properties to be set by udev rules

[elogind.git] / udev / udev-rules.c

diff --git a/udev/udev-rules.c b/udev/udev-rules.c
index 56a258d8adb920638ccd511f4ec5b1579f697215..89d98248a1baf92c1956ccc05e78eb8ff83d4870 100644 (file)
--- a/udev/udev-rules.c
+++ b/udev/udev-rules.c
@@ -1385,6 +1385,26 @@ static int add_rule(struct udev_rules *rules, char *line,
                                if (rule_add_key(&rule_tmp, TK_M_ENV, op, value, attr) != 0)
                                        goto invalid;
                        } else {
+                               static const char *blacklist[] = {
+                                       "ACTION",
+                                       "SUBSYSTEM",
+                                       "DEVTYPE",
+                                       "MAJOR",
+                                       "MINOR",
+                                       "DRIVER",
+                                       "IFINDEX",
+                                       "DEVNAME",
+                                       "DEVLINKS",
+                                       "DEVPATH",
+                                       "TAGS",
+                               };
+                               unsigned int i;
+
+                               for (i = 0; i < ARRAY_SIZE(blacklist); i++)
+                                       if (strcmp(attr, blacklist[i]) == 0) {
+                                               err(rules->udev, "invalid ENV attribute, '%s' can not be set %s:%u\n", attr, filename, lineno);
+                                               continue;
+                                       }
                                if (rule_add_key(&rule_tmp, TK_A_ENV, op, value, attr) != 0)
                                        goto invalid;
                        }
@@ -2528,10 +2548,20 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event
                }
                case TK_A_TAG: {
                        char tag[UTIL_PATH_SIZE];
+                       const char *p;
 
                        udev_event_apply_format(event, &rules->buf[cur->key.value_off], tag, sizeof(tag));
                        if (cur->key.op == OP_ASSIGN || cur->key.op == OP_ASSIGN_FINAL)
                                udev_device_cleanup_tags_list(event->dev);
+                       for (p = tag; *p != '\0'; p++) {
+                               if ((*p >= 'a' && *p <= 'z') ||
+                                   (*p >= 'A' && *p <= 'Z') ||
+                                   (*p >= '0' && *p <= '9') ||
+                                   *p == '-' || *p == '_')
+                                       continue;
+                               err(event->udev, "ignoring invalid tag name '%s'\n", tag);
+                               break;
+                       }
                        udev_device_add_tag(event->dev, tag);
                        break;
                }
@@ -2711,7 +2741,7 @@ void udev_rules_apply_static_dev_perms(struct udev_rules *rules)
                        struct stat stats;
 
                        /* we assure, that the permissions tokens are sorted before the static token */
-                       if (uid == 0 && gid == 0)
+                       if (mode == 0 && uid == 0 && gid == 0)
                                goto next;
                        util_strscpyl(filename, sizeof(filename), udev_get_dev_path(rules->udev), "/",
                                      &rules->buf[cur->key.value_off], NULL);