daandemeyer / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
Source Code
GIT

Blame SOURCES/0645-core-fix-SIGABRT-on-empty-exec-command-argv.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c9-beta c9s-sig-hyperscale drop-selinux extras extras-boot-time network-extras reduce-diff-rawhide v252-4.597.7-c8s v252-4.598.7-c8s
  1.   f52bae7bee681374dc34a11a190da01a810d5b59
  2.   SOURCES
  3.   0645-core-fix-SIGABRT-on-empty-exec-command-argv.patch
Blob History Raw
b8c242 
From 8e322f5bc24547963978be071a8a2547abad875a Mon Sep 17 00:00:00 2001
b8c242 
From: Henri Chain <henri.chain@enioka.com>
b8c242 
Date: Tue, 5 Oct 2021 13:10:31 +0200
b8c242 
Subject: [PATCH] core: fix SIGABRT on empty exec command argv
b8c242
b8c242 
This verifies that the argv part of any exec_command parameters that
b8c242 
are sent through dbus is not empty at deserialization time.
b8c242
b8c242 
There is an additional check in service.c service_verify() that again
b8c242 
checks if all exec_commands are correctly populated, after the service
b8c242 
has been loaded, whether through dbus or otherwise.
b8c242
b8c242 
Fixes #20933.
b8c242
b8c242 
(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152)
b8c242
b8c242 
Resolves: #2020239
b8c242 
---
b8c242 
 src/core/dbus-execute.c             |  4 ++++
b8c242 
 src/core/service.c                  | 12 +++++++++++
b8c242 
 test/TEST-23-TYPE-EXEC/testsuite.sh | 31 +++++++++++++++++++++++++++++
b8c242 
 3 files changed, 47 insertions(+)
b8c242
b8c242 
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
b8c242 
index 8348663000..2e64f0baf4 100644
b8c242 
--- a/src/core/dbus-execute.c
b8c242 
+++ b/src/core/dbus-execute.c
b8c242 
@@ -969,6 +969,10 @@ int bus_set_transient_exec_command(
b8c242 
                 if (r < 0)
b8c242 
                         return r;
b8c242
b8c242 
+                if (strv_isempty(argv))
b8c242 
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
b8c242 
+                                                 "\"%s\" argv cannot be empty", name);
b8c242 
+
b8c242 
                 r = sd_bus_message_read(message, "b", &b);
b8c242 
                 if (r < 0)
b8c242 
                         return r;
b8c242 
diff --git a/src/core/service.c b/src/core/service.c
b8c242 
index 5e3e75b5ae..12adf89dd4 100644
b8c242 
--- a/src/core/service.c
b8c242 
+++ b/src/core/service.c
b8c242 
@@ -536,6 +536,18 @@ static int service_verify(Service *s) {
b8c242 
         if (UNIT(s)->load_state != UNIT_LOADED)
b8c242 
                 return 0;
b8c242
b8c242 
+        for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
b8c242 
+                ExecCommand *command;
b8c242 
+
b8c242 
+                LIST_FOREACH(command, command, s->exec_command[c])
b8c242 
+                        if (strv_isempty(command->argv)) {
b8c242 
+                                log_unit_error(UNIT(s),
b8c242 
+                                               "Service has an empty argv in %s=. Refusing.",
b8c242 
+                                               service_exec_command_to_string(c));
b8c242 
+                                return -ENOEXEC;
b8c242 
+                        }
b8c242 
+        }
b8c242 
+
b8c242 
         if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {
b8c242 
                 log_unit_error(UNIT(s), "Service lacks both ExecStart= and ExecStop= setting. Refusing.");
b8c242 
                 return -ENOEXEC;
b8c242 
diff --git a/test/TEST-23-TYPE-EXEC/testsuite.sh b/test/TEST-23-TYPE-EXEC/testsuite.sh
b8c242 
index 80734bbbdc..e0c34cfd04 100755
b8c242 
--- a/test/TEST-23-TYPE-EXEC/testsuite.sh
b8c242 
+++ b/test/TEST-23-TYPE-EXEC/testsuite.sh
b8c242 
@@ -21,6 +21,37 @@ systemd-run --unit=four -p Type=exec /bin/sleep infinity
b8c242 
 ! systemd-run --unit=five -p Type=exec -p User=idontexist /bin/sleep infinity
b8c242 
 ! systemd-run --unit=six -p Type=exec /tmp/brokenbinary
b8c242
b8c242 
+# For issue #20933
b8c242 
+
b8c242 
+# Should work normally
b8c242 
+busctl call \
b8c242 
+  org.freedesktop.systemd1 /org/freedesktop/systemd1 \
b8c242 
+  org.freedesktop.systemd1.Manager StartTransientUnit \
b8c242 
+  "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \
b8c242 
+    ExecStart "a(sasb)" 1 \
b8c242 
+      /usr/bin/sleep 2 /usr/bin/sleep 1 true \
b8c242 
+  0
b8c242 
+
b8c242 
+# DBus call should fail but not crash systemd
b8c242 
+busctl call \
b8c242 
+  org.freedesktop.systemd1 /org/freedesktop/systemd1 \
b8c242 
+  org.freedesktop.systemd1.Manager StartTransientUnit \
b8c242 
+  "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \
b8c242 
+    ExecStart "a(sasb)" 1 \
b8c242 
+      /usr/bin/sleep 0 true \
b8c242 
+  0 && { echo 'unexpected success'; exit 1; }
b8c242 
+
b8c242 
+# Same but with the empty argv in the middle
b8c242 
+busctl call \
b8c242 
+  org.freedesktop.systemd1 /org/freedesktop/systemd1 \
b8c242 
+  org.freedesktop.systemd1.Manager StartTransientUnit \
b8c242 
+  "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \
b8c242 
+    ExecStart "a(sasb)" 3 \
b8c242 
+      /usr/bin/sleep 2 /usr/bin/sleep 1 true \
b8c242 
+      /usr/bin/sleep 0                  true \
b8c242 
+      /usr/bin/sleep 2 /usr/bin/sleep 1 true \
b8c242 
+  0 && { echo 'unexpected success'; exit 1; }
b8c242 
+
b8c242 
 systemd-analyze set-log-level info
b8c242
b8c242 
 echo OK > /testok

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation