diff mbox series

[scarthgap,12/15] systemd-systemctl: Fix instance name parsing with escapes or periods

Message ID e84c18db267cfdd5e29a6ac7f7e44ef644b366ed.1773966414.git.yoann.congal@smile.fr
State New
Headers show
Series [scarthgap,01/15] inetutils: patch CVE-2026-28372 | expand

Commit Message

Yoann Congal March 20, 2026, 12:28 a.m. UTC 
From: Trent Piepho <trent.piepho@igorinstitute.com>

Fixes [YOCTO #16130]

When extracting the instance name from a template instances such as
'example@host.domain.com.service', the systemctl replacement script will
split the instance on the first period, producing an instance argument of
'host' and a template of 'example@.domain.com.service'.  This is incorrect,
as systemd will split on the last period, producing an instance argument of
'host.domain.com' and a template of 'example@.service'.

When constructing the template name, the script will also pass the string
as is to re.sub(), which will try to process any backslash escapes in the
string.  These are legal in systemd unit names and should be preserved.
They also are not valid Python escape sequences.  Use re.escape() to
preserve anything in the unit name that might be considered a regex
exscape.

Signed-off-by: Trent Piepho <trent.piepho@igorinstitute.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-core/systemd/systemd-systemctl/systemctl | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index 2229bc7b6d2..b9e04a90707 100755
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -202,7 +202,8 @@  class SystemdUnit():
         try:
             for dependent in config.get('Install', prop):
                 # expand any %i to instance (ignoring escape sequence %%)
-                dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent)
+                if instance is not None:
+                    dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(re.escape(instance)), dependent)
                 wants = systemdir / "{}.{}".format(dependent, dirstem) / service
                 add_link(wants, target)
 
@@ -212,13 +213,13 @@  class SystemdUnit():
     def enable(self, units_enabled=[]):
         # if we're enabling an instance, first extract the actual instance
         # then figure out what the template unit is
-        template = re.match(r"[^@]+@(?P<instance>[^\.]*)\.", self.unit)
+        template = re.match(r"[^@]+@(?P<instance>.*)\.", self.unit)
         instance_unit_name = None
         if template:
             instance = template.group('instance')
             if instance != "":
                 instance_unit_name = self.unit
-            unit = re.sub(r"@[^\.]*\.", "@.", self.unit, 1)
+            unit = re.sub(r"@{}\.".format(re.escape(instance)), "@.", self.unit, 1)
         else:
             instance = None
             unit = self.unit