conf: enforce UTF8 validty everywhere

we need to make sure that configuration data we expose via the bus ends
up in using getting an assert(). Even though configuration data is only
parsed from trusted sources we should be more careful with what we read.

Makefile.am

@@ -468,7 +468,8 @@ libsystemd_basic_la_SOURCES = \
 	src/socket-util.c \
 	src/log.c \
 	src/ratelimit.c \
-	src/exit-status.c
+	src/exit-status.c \
+        src/utf8.c
 
 libsystemd_basic_la_CFLAGS = \
 	$(AM_CFLAGS) \
@@ -649,7 +650,8 @@ EXTRA_DIST += \
 	src/dbus-loop.h \
 	src/spawn-agent.h \
 	src/acl-util.h \
-	src/logs-show.h
+	src/logs-show.h \
+        src/utf8.h
 
 MANPAGES = \
 	man/systemd.1 \

TODO

@@ -18,6 +18,10 @@ Bugfixes:
 
 Features:
 
+* document crypttab(5)
+
+* There's currently no way to cancel fsck (used to be possible via C-c or c on the console)
+
 * hook up /dev/watchdog with main event loop for embedded, server uses
 
 * man: for some reason the HTML versions of the man pages are currently not being packaged
@@ -115,8 +119,6 @@ Features:
 
 * document that %% can be used to write % in a string that is specifier extended
 
-* check utf8 everywhere
-
 * when an instanced service exits, remove its parent cgroup too if possible.
 
 * Make libselinux, libattr, libcap, libdl dependencies only of the tools which actually need them.

src/conf-parser.c

@@ -30,6 +30,7 @@
 #include "macro.h"
 #include "strv.h"
 #include "log.h"
+#include "utf8.h"
 
 int config_item_table_lookup(
                 void *table,
@@ -584,14 +585,23 @@ int config_parse_string(
         assert(rvalue);
         assert(data);
 
-        if (*rvalue) {
-                if (!(n = strdup(rvalue)))
-                        return -ENOMEM;
-        } else
-                n = NULL;
+        n = cunescape(rvalue);
+        if (!n)
+                return -ENOMEM;
+
+        if (!utf8_is_valid(n)) {
+                log_error("[%s:%u] String is not UTF-8 clean, ignoring assignment: %s", filename, line, rvalue);
+                free(n);
+                return 0;
+        }
 
         free(*s);
-        *s = n;
+        if (*n)
+                *s = n;
+        else {
+                free(n);
+                *s = NULL;
+        }
 
         return 0;
 }
@@ -614,12 +624,18 @@ int config_parse_path(
         assert(rvalue);
         assert(data);
 
+        if (!utf8_is_valid(rvalue)) {
+                log_error("[%s:%u] Path is not UTF-8 clean, ignoring assignment: %s", filename, line, rvalue);
+                return 0;
+        }
+
         if (!path_is_absolute(rvalue)) {
                 log_error("[%s:%u] Not an absolute path, ignoring: %s", filename, line, rvalue);
                 return 0;
         }
 
-        if (!(n = strdup(rvalue)))
+        n = strdup(rvalue);
+        if (!n)
                 return -ENOMEM;
 
         path_kill_slashes(n);
@@ -646,6 +662,7 @@ int config_parse_strv(
         unsigned k;
         size_t l;
         char *state;
+        int r;
 
         assert(filename);
         assert(lvalue);
@@ -656,7 +673,8 @@ int config_parse_strv(
         FOREACH_WORD_QUOTED(w, l, rvalue, state)
                 k++;
 
-        if (!(n = new(char*, k+1)))
+        n = new(char*, k+1);
+        if (!n)
                 return -ENOMEM;
 
         if (*sv)
@@ -665,9 +683,21 @@ int config_parse_strv(
         else
                 k = 0;
 
-        FOREACH_WORD_QUOTED(w, l, rvalue, state)
-                if (!(n[k++] = cunescape_length(w, l)))
+        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+                n[k] = cunescape_length(w, l);
+                if (!n[k]) {
+                        r = -ENOMEM;
                         goto fail;
+                }
+
+                if (!utf8_is_valid(n[k])) {
+                        log_error("[%s:%u] String is not UTF-8 clean, ignoring assignment: %s", filename, line, rvalue);
+                        free(n[k]);
+                        continue;
+                }
+
+                k++;
+        }
 
         n[k] = NULL;
         free(*sv);
@@ -680,7 +710,7 @@ int config_parse_strv(
                 free(n[k-1]);
         free(n);
 
-        return -ENOMEM;
+        return r;
 }
 
 int config_parse_path_strv(
@@ -710,7 +740,8 @@ int config_parse_path_strv(
         FOREACH_WORD_QUOTED(w, l, rvalue, state)
                 k++;
 
-        if (!(n = new(char*, k+1)))
+        n = new(char*, k+1);
+        if (!n)
                 return -ENOMEM;
 
         k = 0;
@@ -719,19 +750,25 @@ int config_parse_path_strv(
                         n[k] = (*sv)[k];
 
         FOREACH_WORD_QUOTED(w, l, rvalue, state) {
-                if (!(n[k] = cunescape_length(w, l))) {
+                n[k] = strndup(w, l);
+                if (!n[k]) {
                         r = -ENOMEM;
                         goto fail;
                 }
 
+                if (!utf8_is_valid(n[k])) {
+                        log_error("[%s:%u] Path is not UTF-8 clean, ignoring assignment: %s", filename, line, rvalue);
+                        free(n[k]);
+                        continue;
+                }
+
                 if (!path_is_absolute(n[k])) {
                         log_error("[%s:%u] Not an absolute path, ignoring: %s", filename, line, rvalue);
                         free(n[k]);
                         continue;
                 }
 
                 path_kill_slashes(n[k]);
-
                 k++;
         }
 
@@ -742,7 +779,6 @@ int config_parse_path_strv(
         return 0;
 
 fail:
-        free(n[k]);
         for (; k > 0; k--)
                 free(n[k-1]);
         free(n);