From 1add8a7d60e46806e0ef87994d3024245db0d84a Mon Sep 17 00:00:00 2001

From: David Rheinsberg <david.rheinsberg@gmail.com>

Date: Thu, 18 Mar 2021 11:10:02 +0100

Subject: [PATCH] launch/policy: fix incorrect assertion for at_console

We write at_console policies for ranges of uids. If one of those ranges

is 0, an overflow assertion will incorrectly fire. Fix this and simplify

the assertions for better readability.

Note that such empty ranges will happen if more than one user on the

system is considered `at_console` **and** those users have consecutive

UIDs. Another possibility for empty ranges is when uid 0 is considered

at_console.

In any case, the assertion will abort the application incorrectly. So

this is not a security issue, but merely an incorrect assertion.

Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>

---

 src/launch/policy.c | 5 ++++-

 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/launch/policy.c b/src/launch/policy.c

index f91f11b..75eb0d3 100644

--- a/src/launch/policy.c

+++ b/src/launch/policy.c

@@ -934,7 +934,10 @@ static int policy_export_xmit(Policy *policy, CList *list1, CList *list2, sd_bus

 static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntries *entries, uint32_t uid_start, uint32_t n_uid) {

         int r;

-        c_assert(((uint32_t)-1) - n_uid + 1 >= uid_start);

+        /* check for overflow */

+        c_assert(uid_start + n_uid >= uid_start);

+        /* check for encoding into dbus `u` type */

+        c_assert(uid_start + n_uid <= (uint32_t)-1);

         if (n_uid == 0)

                 return 0;