Harald Hoyer d4ee25
From 45f0d8e103c57e9e5e9d92bba1dc2d50b49806de Mon Sep 17 00:00:00 2001
Harald Hoyer d4ee25
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Harald Hoyer d4ee25
Date: Sun, 15 Sep 2013 22:26:56 -0400
Harald Hoyer d4ee25
Subject: [PATCH] Verify validity of session name when received from outside
Harald Hoyer d4ee25
Harald Hoyer d4ee25
Only ASCII letters and digits are allowed.
Harald Hoyer d4ee25
---
Harald Hoyer d4ee25
 Makefile.am                | 14 +++++++++++---
Harald Hoyer d4ee25
 TODO                       |  3 ---
Harald Hoyer d4ee25
 src/login/login-shared.c   |  8 ++++++++
Harald Hoyer d4ee25
 src/login/login-shared.h   |  3 +++
Harald Hoyer d4ee25
 src/login/logind-dbus.c    |  1 +
Harald Hoyer d4ee25
 src/login/logind-session.c |  1 +
Harald Hoyer d4ee25
 src/login/logind-session.h |  1 +
Harald Hoyer d4ee25
 src/login/logind.c         |  6 ++++++
Harald Hoyer d4ee25
 src/login/sd-login.c       | 12 +++++++-----
Harald Hoyer d4ee25
 src/shared/cgroup-util.c   |  4 +---
Harald Hoyer d4ee25
 src/shared/def.h           |  5 +++++
Harald Hoyer d4ee25
 src/shared/env-util.c      |  5 ++---
Harald Hoyer d4ee25
 src/shared/replace-var.c   |  3 ++-
Harald Hoyer d4ee25
 src/shared/unit-name.c     |  5 ++---
Harald Hoyer d4ee25
 14 files changed, 50 insertions(+), 21 deletions(-)
Harald Hoyer d4ee25
 create mode 100644 src/login/login-shared.c
Harald Hoyer d4ee25
 create mode 100644 src/login/login-shared.h
Harald Hoyer d4ee25
Harald Hoyer d4ee25
diff --git a/Makefile.am b/Makefile.am
Harald Hoyer d4ee25
index 7b7539a..6014521 100644
Harald Hoyer d4ee25
--- a/Makefile.am
Harald Hoyer d4ee25
+++ b/Makefile.am
Harald Hoyer d4ee25
@@ -2324,7 +2324,10 @@ if HAVE_ACL
Harald Hoyer d4ee25
 libudev_core_la_SOURCES += \
Harald Hoyer d4ee25
 	src/udev/udev-builtin-uaccess.c \
Harald Hoyer d4ee25
 	src/login/logind-acl.c \
Harald Hoyer d4ee25
-	src/login/sd-login.c
Harald Hoyer d4ee25
+	src/login/sd-login.c \
Harald Hoyer d4ee25
+	src/systemd/sd-login.h \
Harald Hoyer d4ee25
+	src/login/login-shared.c \
Harald Hoyer d4ee25
+	src/login/login-shared.h
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 libudev_core_la_LIBADD += \
Harald Hoyer d4ee25
 	libsystemd-acl.la
Harald Hoyer d4ee25
@@ -3759,7 +3762,9 @@ libsystemd_logind_core_la_SOURCES = \
Harald Hoyer d4ee25
 	src/login/logind-session-dbus.c \
Harald Hoyer d4ee25
 	src/login/logind-seat-dbus.c \
Harald Hoyer d4ee25
 	src/login/logind-user-dbus.c \
Harald Hoyer d4ee25
-	src/login/logind-acl.h
Harald Hoyer d4ee25
+	src/login/logind-acl.h \
Harald Hoyer d4ee25
+	src/login/login-shared.c \
Harald Hoyer d4ee25
+	src/login/login-shared.h
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 libsystemd_logind_core_la_CFLAGS = \
Harald Hoyer d4ee25
 	$(AM_CFLAGS) \
Harald Hoyer d4ee25
@@ -3860,7 +3865,10 @@ tests += \
Harald Hoyer d4ee25
 	test-login-tables
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 libsystemd_login_la_SOURCES = \
Harald Hoyer d4ee25
-	src/login/sd-login.c
Harald Hoyer d4ee25
+	src/login/sd-login.c \
Harald Hoyer d4ee25
+	src/systemd/sd-login.h \
Harald Hoyer d4ee25
+	src/login/login-shared.c \
Harald Hoyer d4ee25
+	src/login/login-shared.h
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 libsystemd_login_la_CFLAGS = \
Harald Hoyer d4ee25
 	$(AM_CFLAGS) \
Harald Hoyer d4ee25
diff --git a/TODO b/TODO
Harald Hoyer d4ee25
index 9943b3e..bfeaa81 100644
Harald Hoyer d4ee25
--- a/TODO
Harald Hoyer d4ee25
+++ b/TODO
Harald Hoyer d4ee25
@@ -142,9 +142,6 @@ Features:
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 * journald: make sure ratelimit is actually really per-service with the new cgroup changes
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
-* libsystemd-logind: sd_session_is_active() and friends: verify
Harald Hoyer d4ee25
-  validity of session name before appending it to a path
Harald Hoyer d4ee25
-
Harald Hoyer d4ee25
 * gparted needs to disable auto-activation of mount units somehow, or
Harald Hoyer d4ee25
   maybe we should stop doing auto-activation of this after boot
Harald Hoyer d4ee25
   entirely. https://bugzilla.gnome.org/show_bug.cgi?id=701676
Harald Hoyer d4ee25
diff --git a/src/login/login-shared.c b/src/login/login-shared.c
Harald Hoyer d4ee25
new file mode 100644
Harald Hoyer d4ee25
index 0000000..ff13c28
Harald Hoyer d4ee25
--- /dev/null
Harald Hoyer d4ee25
+++ b/src/login/login-shared.c
Harald Hoyer d4ee25
@@ -0,0 +1,8 @@
Harald Hoyer d4ee25
+#include "login-shared.h"
Harald Hoyer d4ee25
+#include "def.h"
Harald Hoyer d4ee25
+
Harald Hoyer d4ee25
+bool session_id_valid(const char *id) {
Harald Hoyer d4ee25
+        assert(id);
Harald Hoyer d4ee25
+
Harald Hoyer d4ee25
+        return id + strspn(id, LETTERS DIGITS) == '\0';
Harald Hoyer d4ee25
+}
Harald Hoyer d4ee25
diff --git a/src/login/login-shared.h b/src/login/login-shared.h
Harald Hoyer d4ee25
new file mode 100644
Harald Hoyer d4ee25
index 0000000..728ef00
Harald Hoyer d4ee25
--- /dev/null
Harald Hoyer d4ee25
+++ b/src/login/login-shared.h
Harald Hoyer d4ee25
@@ -0,0 +1,3 @@
Harald Hoyer d4ee25
+#include <stdbool.h>
Harald Hoyer d4ee25
+
Harald Hoyer d4ee25
+bool session_id_valid(const char *id);
Harald Hoyer d4ee25
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
Harald Hoyer d4ee25
index 345df9f..d052e74 100644
Harald Hoyer d4ee25
--- a/src/login/logind-dbus.c
Harald Hoyer d4ee25
+++ b/src/login/logind-dbus.c
Harald Hoyer d4ee25
@@ -554,6 +554,7 @@ static int bus_manager_create_session(Manager *m, DBusMessage *message) {
Harald Hoyer d4ee25
                  * the audit data and let's better register a new
Harald Hoyer d4ee25
                  * ID */
Harald Hoyer d4ee25
                 if (hashmap_get(m->sessions, id)) {
Harald Hoyer d4ee25
+                        log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
Harald Hoyer d4ee25
                         audit_id = 0;
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
                         free(id);
Harald Hoyer d4ee25
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
Harald Hoyer d4ee25
index a726fb1..2d22a68 100644
Harald Hoyer d4ee25
--- a/src/login/logind-session.c
Harald Hoyer d4ee25
+++ b/src/login/logind-session.c
Harald Hoyer d4ee25
@@ -41,6 +41,7 @@ Session* session_new(Manager *m, const char *id) {
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
         assert(m);
Harald Hoyer d4ee25
         assert(id);
Harald Hoyer d4ee25
+        assert(session_id_valid(id));
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
         s = new0(Session, 1);
Harald Hoyer d4ee25
         if (!s)
Harald Hoyer d4ee25
diff --git a/src/login/logind-session.h b/src/login/logind-session.h
Harald Hoyer d4ee25
index edaae8d..9cf6485 100644
Harald Hoyer d4ee25
--- a/src/login/logind-session.h
Harald Hoyer d4ee25
+++ b/src/login/logind-session.h
Harald Hoyer d4ee25
@@ -29,6 +29,7 @@ typedef enum KillWho KillWho;
Harald Hoyer d4ee25
 #include "logind.h"
Harald Hoyer d4ee25
 #include "logind-seat.h"
Harald Hoyer d4ee25
 #include "logind-user.h"
Harald Hoyer d4ee25
+#include "login-shared.h"
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 typedef enum SessionState {
Harald Hoyer d4ee25
         SESSION_OPENING,  /* Session scope is being created */
Harald Hoyer d4ee25
diff --git a/src/login/logind.c b/src/login/logind.c
Harald Hoyer d4ee25
index 9094567..4ef92b8 100644
Harald Hoyer d4ee25
--- a/src/login/logind.c
Harald Hoyer d4ee25
+++ b/src/login/logind.c
Harald Hoyer d4ee25
@@ -684,6 +684,12 @@ int manager_enumerate_sessions(Manager *m) {
Harald Hoyer d4ee25
                 if (!dirent_is_file(de))
Harald Hoyer d4ee25
                         continue;
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
+                if (!session_id_valid(de->d_name)) {
Harald Hoyer d4ee25
+                        log_warning("Invalid session file name '%s', ignoring.", de->d_name);
Harald Hoyer d4ee25
+                        r = -EINVAL;
Harald Hoyer d4ee25
+                        continue;
Harald Hoyer d4ee25
+                }
Harald Hoyer d4ee25
+
Harald Hoyer d4ee25
                 k = manager_add_session(m, de->d_name, &s);
Harald Hoyer d4ee25
                 if (k < 0) {
Harald Hoyer d4ee25
                         log_error("Failed to add session by file name %s: %s", de->d_name, strerror(-k));
Harald Hoyer d4ee25
diff --git a/src/login/sd-login.c b/src/login/sd-login.c
Harald Hoyer d4ee25
index 8a7838d..71d8c29 100644
Harald Hoyer d4ee25
--- a/src/login/sd-login.c
Harald Hoyer d4ee25
+++ b/src/login/sd-login.c
Harald Hoyer d4ee25
@@ -31,6 +31,7 @@
Harald Hoyer d4ee25
 #include "sd-login.h"
Harald Hoyer d4ee25
 #include "strv.h"
Harald Hoyer d4ee25
 #include "fileio.h"
Harald Hoyer d4ee25
+#include "login-shared.h"
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 _public_ int sd_pid_get_session(pid_t pid, char **session) {
Harald Hoyer d4ee25
         if (pid < 0)
Harald Hoyer d4ee25
@@ -226,17 +227,19 @@ static int file_of_session(const char *session, char **_p) {
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
         assert(_p);
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
-        if (session)
Harald Hoyer d4ee25
+        if (session) {
Harald Hoyer d4ee25
+                if (!session_id_valid(session))
Harald Hoyer d4ee25
+                        return -EINVAL;
Harald Hoyer d4ee25
+
Harald Hoyer d4ee25
                 p = strappend("/run/systemd/sessions/", session);
Harald Hoyer d4ee25
-        else {
Harald Hoyer d4ee25
-                char *buf;
Harald Hoyer d4ee25
+        } else {
Harald Hoyer d4ee25
+                _cleanup_free_ char *buf = NULL;
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
                 r = sd_pid_get_session(0, &buf;;
Harald Hoyer d4ee25
                 if (r < 0)
Harald Hoyer d4ee25
                         return r;
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
                 p = strappend("/run/systemd/sessions/", buf);
Harald Hoyer d4ee25
-                free(buf);
Harald Hoyer d4ee25
         }
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
         if (!p)
Harald Hoyer d4ee25
@@ -255,7 +258,6 @@ _public_ int sd_session_is_active(const char *session) {
Harald Hoyer d4ee25
                 return r;
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
         r = parse_env_file(p, NEWLINE, "ACTIVE", &s, NULL);
Harald Hoyer d4ee25
-
Harald Hoyer d4ee25
         if (r < 0)
Harald Hoyer d4ee25
                 return r;
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c
Harald Hoyer d4ee25
index 1d545e0..0bffebd 100644
Harald Hoyer d4ee25
--- a/src/shared/cgroup-util.c
Harald Hoyer d4ee25
+++ b/src/shared/cgroup-util.c
Harald Hoyer d4ee25
@@ -1511,9 +1511,7 @@ char *cg_unescape(const char *p) {
Harald Hoyer d4ee25
 }
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 #define CONTROLLER_VALID                        \
Harald Hoyer d4ee25
-        "0123456789"                            \
Harald Hoyer d4ee25
-        "abcdefghijklmnopqrstuvwxyz"            \
Harald Hoyer d4ee25
-        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"            \
Harald Hoyer d4ee25
+        DIGITS LETTERS                          \
Harald Hoyer d4ee25
         "_"
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 bool cg_controller_is_valid(const char *p, bool allow_named) {
Harald Hoyer d4ee25
diff --git a/src/shared/def.h b/src/shared/def.h
Harald Hoyer d4ee25
index 5abb544..edd0bcf 100644
Harald Hoyer d4ee25
--- a/src/shared/def.h
Harald Hoyer d4ee25
+++ b/src/shared/def.h
Harald Hoyer d4ee25
@@ -33,3 +33,8 @@
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 #define SIGNALS_CRASH_HANDLER SIGSEGV,SIGILL,SIGFPE,SIGBUS,SIGQUIT,SIGABRT
Harald Hoyer d4ee25
 #define SIGNALS_IGNORE SIGPIPE
Harald Hoyer d4ee25
+
Harald Hoyer d4ee25
+#define DIGITS            "0123456789"
Harald Hoyer d4ee25
+#define LOWERCASE_LETTERS "abcdefghijklmnopqrstuvwxyz"
Harald Hoyer d4ee25
+#define UPPERCASE_LETTERS "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
Harald Hoyer d4ee25
+#define LETTERS LOWERCASE_LETTERS UPPERCASE_LETTERS
Harald Hoyer d4ee25
diff --git a/src/shared/env-util.c b/src/shared/env-util.c
Harald Hoyer d4ee25
index 6a52fb9..5e29629 100644
Harald Hoyer d4ee25
--- a/src/shared/env-util.c
Harald Hoyer d4ee25
+++ b/src/shared/env-util.c
Harald Hoyer d4ee25
@@ -27,11 +27,10 @@
Harald Hoyer d4ee25
 #include "utf8.h"
Harald Hoyer d4ee25
 #include "util.h"
Harald Hoyer d4ee25
 #include "env-util.h"
Harald Hoyer d4ee25
+#include "def.h"
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 #define VALID_CHARS_ENV_NAME                    \
Harald Hoyer d4ee25
-        "0123456789"                            \
Harald Hoyer d4ee25
-        "abcdefghijklmnopqrstuvwxyz"            \
Harald Hoyer d4ee25
-        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"            \
Harald Hoyer d4ee25
+        DIGITS LETTERS                          \
Harald Hoyer d4ee25
         "_"
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 #ifndef ARG_MAX
Harald Hoyer d4ee25
diff --git a/src/shared/replace-var.c b/src/shared/replace-var.c
Harald Hoyer d4ee25
index e11c57a..478fc43 100644
Harald Hoyer d4ee25
--- a/src/shared/replace-var.c
Harald Hoyer d4ee25
+++ b/src/shared/replace-var.c
Harald Hoyer d4ee25
@@ -24,6 +24,7 @@
Harald Hoyer d4ee25
 #include "macro.h"
Harald Hoyer d4ee25
 #include "util.h"
Harald Hoyer d4ee25
 #include "replace-var.h"
Harald Hoyer d4ee25
+#include "def.h"
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 /*
Harald Hoyer d4ee25
  * Generic infrastructure for replacing @FOO@ style variables in
Harald Hoyer d4ee25
@@ -40,7 +41,7 @@ static int get_variable(const char *b, char **r) {
Harald Hoyer d4ee25
         if (*b != '@')
Harald Hoyer d4ee25
                 return 0;
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
-        k = strspn(b + 1, "ABCDEFGHIJKLMNOPQRSTUVWXYZ_");
Harald Hoyer d4ee25
+        k = strspn(b + 1, UPPERCASE_LETTERS "_");
Harald Hoyer d4ee25
         if (k <= 0 || b[k+1] != '@')
Harald Hoyer d4ee25
                 return 0;
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
diff --git a/src/shared/unit-name.c b/src/shared/unit-name.c
Harald Hoyer d4ee25
index 1baa6eb..8f6c28e 100644
Harald Hoyer d4ee25
--- a/src/shared/unit-name.c
Harald Hoyer d4ee25
+++ b/src/shared/unit-name.c
Harald Hoyer d4ee25
@@ -26,11 +26,10 @@
Harald Hoyer d4ee25
 #include "path-util.h"
Harald Hoyer d4ee25
 #include "util.h"
Harald Hoyer d4ee25
 #include "unit-name.h"
Harald Hoyer d4ee25
+#include "def.h"
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 #define VALID_CHARS                             \
Harald Hoyer d4ee25
-        "0123456789"                            \
Harald Hoyer d4ee25
-        "abcdefghijklmnopqrstuvwxyz"            \
Harald Hoyer d4ee25
-        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"            \
Harald Hoyer d4ee25
+        DIGITS LETTERS                          \
Harald Hoyer d4ee25
         ":-_.\\"
Harald Hoyer d4ee25
 
Harald Hoyer d4ee25
 static const char* const unit_type_table[_UNIT_TYPE_MAX] = {