morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 08:56:15 +09:00
Code Issues Packages Projects Releases Wiki Activity

tree-wide: add basic validation of --background argument

Browse Source 
Check whether the argument of the `--background` option of
`systemd-run`, `run0`, `systemd-nspawn`, `systemd-vmspawn`, and
`systemd-pty-forward` is either empty or looks like an ANSI color code,
and reject invalid values when parsing arguments.

We consider a string to look like an ANSI color code if it consists of
one or more sequences of ASCII digits separated by semicolons. This
permits every valid ANSI color code, and should reject anything that
results in garbled output.
This commit is contained in:
Daniel Hast
2025-10-24 18:47:59 -04:00
committed by Yu Watanabe
parent 6fac8bb9b1
commit 101dd41cb4
9 changed files with 75 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/basic/ansi-color.c
View File

@@ -100,3 +100,28 @@ static const char* const color_mode_table[_COLOR_MODE_MAX] = {
};
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(color_mode, ColorMode, COLOR_24BIT);
/*
* Check that the string is formatted like an ANSI color code, i.e. that it consists of one or more
* sequences of ASCII digits separated by semicolons. This is equivalent to matching the regex:
* ^[0-9]+(;[0-9]+)*$
* This can be used to partially validate escape codes of the form "\x1B[%sm", accepting all valid
* ANSI color codes while rejecting anything that would result in garbled output (such as injecting
* text or changing the type of escape code).
*/
bool looks_like_ansi_color_code(const char *str) {
assert(str);
bool prev_char_was_digit = false;
for (char c = *str; c != '\0'; c = *(++str)) {
if (ascii_isdigit(c))
prev_char_was_digit = true;
else if (prev_char_was_digit && c == ';')
prev_char_was_digit = false;
else
return false;
}
return prev_char_was_digit;
}

2
src/basic/ansi-color.h
View File

@@ -28,6 +28,8 @@ bool underline_enabled(void);
void reset_ansi_feature_caches(void);
bool looks_like_ansi_color_code(const char *str);
/* Regular colors */
#define ANSI_BLACK "\x1B[0;30m" /* Some type of grey usually. */
#define ANSI_RED "\x1B[0;31m"

2
src/nspawn/nspawn.c
View File

@@ -1529,7 +1529,7 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_BACKGROUND:
r = free_and_strdup_warn(&arg_background, optarg);
r = parse_background_argument(optarg, &arg_background);
if (r < 0)
return r;
break;

3
src/ptyfwd/ptyfwd-tool.c
View File

@@ -9,6 +9,7 @@
#include "fd-util.h"
#include "log.h"
#include "main-func.h"
#include "parse-argument.h"
#include "pidref.h"
#include "pretty-print.h"
#include "process-util.h"
@@ -96,7 +97,7 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_BACKGROUND:
r = free_and_strdup_warn(&arg_background, optarg);
r = parse_background_argument(optarg, &arg_background);
if (r < 0)
return r;
break;

4
src/run/run.c
View File

@@ -686,7 +686,7 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_BACKGROUND:
r = free_and_strdup_warn(&arg_background, optarg);
r = parse_background_argument(optarg, &arg_background);
if (r < 0)
return r;
break;
@@ -978,7 +978,7 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) {
break;
case ARG_BACKGROUND:
r = free_and_strdup_warn(&arg_background, optarg);
r = parse_background_argument(optarg, &arg_background);
if (r < 0)
return r;

8
src/shared/parse-argument.c
View File

@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "alloc-util.h"
#include "ansi-color.h"
#include "bus-util.h"
#include "format-table.h"
#include "hostname-util.h"
@@ -163,3 +164,10 @@ int parse_machine_argument(const char *s, const char **ret_host, BusTransport *r
return 0;
}
int parse_background_argument(const char *s, char **arg) {
if (!isempty(s) && !looks_like_ansi_color_code(s))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid --background= argument: %s", s);
return free_and_strdup_warn(arg, s);
}

1
src/shared/parse-argument.h
View File

@@ -9,3 +9,4 @@ int parse_json_argument(const char *s, sd_json_format_flags_t *ret);
int parse_path_argument(const char *path, bool suppress_root, char **arg);
int parse_signal_argument(const char *s, int *ret);
int parse_machine_argument(const char *s, const char **ret_host, BusTransport *ret_transport);
int parse_background_argument(const char *s, char **arg);

33
src/test/test-parse-argument.c
View File

@@ -54,4 +54,37 @@ TEST(parse_signal_argument) {
assert_se(signal == SIGABRT);
}
TEST(parse_background_argument) {
_cleanup_free_ char *arg_bg_good = NULL;
/* Should accept empty string */
assert_se(parse_background_argument("", &arg_bg_good) >= 0);
ASSERT_STREQ(arg_bg_good, "");
/* Should accept ANSI color codes in palette, 8-bit, or 24-bit format */
assert_se(parse_background_argument("42", &arg_bg_good) >= 0);
ASSERT_STREQ(arg_bg_good, "42");
assert_se(parse_background_argument("48;5;219", &arg_bg_good) >= 0);
ASSERT_STREQ(arg_bg_good, "48;5;219");
assert_se(parse_background_argument("48;2;3;141;59", &arg_bg_good) >= 0);
ASSERT_STREQ(arg_bg_good, "48;2;3;141;59");
_cleanup_free_ char *arg_bg_bad = NULL;
/* Should reject various invalid arguments */
assert_se(parse_background_argument("42;", &arg_bg_bad) < 0);
ASSERT_NULL(arg_bg_bad);
assert_se(parse_background_argument(";42", &arg_bg_bad) < 0);
ASSERT_NULL(arg_bg_bad);
assert_se(parse_background_argument("4;;2", &arg_bg_bad) < 0);
ASSERT_NULL(arg_bg_bad);
assert_se(parse_background_argument("4a2", &arg_bg_bad) < 0);
ASSERT_NULL(arg_bg_bad);
}
DEFINE_TEST_MAIN(LOG_INFO);

2
src/vmspawn/vmspawn.c
View File

@@ -612,7 +612,7 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_BACKGROUND:
r = free_and_strdup_warn(&arg_background, optarg);
r = parse_background_argument(optarg, &arg_background);
if (r < 0)
return r;
break;