From 740b24c3e0f81556576a16390d7a2d7e0dc2a7e2 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 25 May 2021 17:25:40 +0200
Subject: [PATCH] load-fragment: validate paths properly

The comment suggests we validate paths here, but we actually didn't, we
only validated filenames. Let' fix that.

(Note this still lets any kind of paths through, including those with
".." and stuff, this is not a normalization check after all)

(cherry picked from commit 108144adea838b281fe1f60dfa75542fe4c82d4b)
---
 src/core/load-fragment.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 6da623dbda..db74609af6 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -793,7 +793,7 @@ int config_parse_exec(
                         return ignore ? 0 : -ENOEXEC;
                 }
 
-                if (!path_is_absolute(path) && !filename_is_valid(path)) {
+                if (!(path_is_absolute(path) ? path_is_valid(path) : filename_is_valid(path))) {
                         log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
                                    "Neither a valid executable name nor an absolute path%s: %s",
                                    ignore ? ", ignoring" : "", path);
-- 
2.25.1