authorYu Watanabe <watanabe.yu+github@gmail.com>2017-12-19 11:05:43 +0900
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-01-11 10:13:00 +0100
commita93970d1b901e8eed23fb35dd0f62fbf9fcd1d08 (patch)
tree49ed6a391b95da94c389cf11b1672fd4c6afd219
parentcore,seccomp: fix logic to parse syscall filter in dbus-execute.c (diff)
core,seccomp: fix logic to parse RestrictAddressFamilies= in dbus-execute.c
If multiple RestrictAddressFamilies= settings are sent over the bus, some of them whitelists and the others blacklists, the parsing result was corrupted. This fixes the parse logic so that it is now the same as the one used in load-fragment.c. (cherry picked from commit 9ee896d5dd98ee9fba7c0ee40784a1266661cd5f)
-rw-r--r--src/core/dbus-execute.c32
1 files changed, 20 insertions, 12 deletions
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index fbce9a7d0..a72077acb 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1490,30 +1490,38 @@ int bus_exec_context_set_transient_property(
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
_cleanup_free_ char *joined = NULL;
+ bool invert = !whitelist;
+ char **s;
if (strv_isempty(l)) {
c->address_families_whitelist = false;
c->address_families = set_free(c->address_families);
- } else {
- char **s;
- c->address_families_whitelist = whitelist;
+ unit_write_settingf(u, flags, name, "RestrictAddressFamilies=");
+ return 1;
+ }
- r = set_ensure_allocated(&c->address_families, NULL);
- if (r < 0)
- return r;
+ if (!c->address_families) {
+ c->address_families = set_new(NULL);
+ if (!c->address_families)
+ return log_oom();
- STRV_FOREACH(s, l) {
- int af;
+ c->address_families_whitelist = whitelist;
+ }
- af = af_from_name(*s);
- if (af <= 0)
- return -EINVAL;
+ STRV_FOREACH(s, l) {
+ int af;
+
+ af = af_from_name(*s);
+ if (af <= 0)
+ return -EINVAL;
+ if (!invert == c->address_families_whitelist) {
r = set_put(c->address_families, INT_TO_PTR(af));
if (r < 0)
return r;
- }
+ } else
+ (void) set_remove(c->address_families, INT_TO_PTR(af));
}
joined = strv_join(l, " ");
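Review bot: The `STRV_FOREACH(s, l)` loop validates and mutates in the same pass, so a list containing an unknown family name returns `-EINVAL` only after the earlier entries have already been added to or removed from `c->address_families`, and, on a freshly allocated set, after `c->address_families_whitelist` has been assigned. For a sandboxing property, a rejected request should leave the existing filter untouched, otherwise the unit's effective address-family restriction can differ from the last setting that was accepted and written out. Unless the names are already checked above this hunk, a validation pass placed before the `set_new()` block would make bad input all-or-nothing: `STRV_FOREACH(s, l) if (af_from_name(*s) <= 0) return -EINVAL;`. A failing `set_put()` in the middle of the loop has the same partial-update effect and would need a temporary set to avoid. The enclosing function starts and ends outside the hunk.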