Verify validity of session name when received from outside

Only ASCII letters and digits are allowed.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-09-15 22:26:56 -0400
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-09-16 09:58:37 -0500
commit: 4b549144d82ea0f368321d149215f577049fffa6 (patch)
tree: ee916708f2758a03690c6c0770cc238aa8757e91 /src/login/logind.c
parent: 1244d8d640a2644aa8dc8e588cd9c414b3d39163 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/login/logind.c b/src/login/logind.c
index 9094567b8d..4ef92b8253 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -684,6 +684,12 @@ int manager_enumerate_sessions(Manager *m) {
                 if (!dirent_is_file(de))
                         continue;
 
+                if (!session_id_valid(de->d_name)) {
+                        log_warning("Invalid session file name '%s', ignoring.", de->d_name);
+                        r = -EINVAL;
+                        continue;
+                }
+
                 k = manager_add_session(m, de->d_name, &s);
                 if (k < 0) {
                         log_error("Failed to add session by file name %s: %s", de->d_name, strerror(-k));
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2013-09-15 22:26:56 -0400
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2013-09-16 09:58:37 -0500
commit	4b549144d82ea0f368321d149215f577049fffa6 (patch)
tree	ee916708f2758a03690c6c0770cc238aa8757e91 /src/login/logind.c
parent	1244d8d640a2644aa8dc8e588cd9c414b3d39163 (diff)