Verify validity of session name when received from outside

Only ASCII letters and digits are allowed.

7 files changed, 27 insertions, 5 deletions

diff --git a/src/login/login-shared.c b/src/login/login-shared.c
new file mode 100644
index 0000000000..ff13c28861
--- /dev/null
+++ b/src/login/login-shared.c
@@ -0,0 +1,8 @@
+#include "login-shared.h"
+#include "def.h"
+
+bool session_id_valid(const char *id) {
+        assert(id);
+
+        return id + strspn(id, LETTERS DIGITS) == '\0';
+}
diff --git a/src/login/login-shared.h b/src/login/login-shared.h
new file mode 100644
index 0000000000..728ef0038f
--- /dev/null
+++ b/src/login/login-shared.h
@@ -0,0 +1,3 @@
+#include <stdbool.h>
+
+bool session_id_valid(const char *id);
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 345df9f1cc..d052e74789 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -554,6 +554,7 @@ static int bus_manager_create_session(Manager *m, DBusMessage *message) {
                  * the audit data and let's better register a new
                  * ID */
                 if (hashmap_get(m->sessions, id)) {
+                        log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
                         audit_id = 0;
 
                         free(id);
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index a726fb1bed..2d22a68b6e 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -41,6 +41,7 @@ Session* session_new(Manager *m, const char *id) {
 
         assert(m);
         assert(id);
+        assert(session_id_valid(id));
 
         s = new0(Session, 1);
         if (!s)
diff --git a/src/login/logind-session.h b/src/login/logind-session.h
index edaae8d20a..9cf64850be 100644
--- a/src/login/logind-session.h
+++ b/src/login/logind-session.h
@@ -29,6 +29,7 @@ typedef enum KillWho KillWho;
 #include "logind.h"
 #include "logind-seat.h"
 #include "logind-user.h"
+#include "login-shared.h"
 
 typedef enum SessionState {
         SESSION_OPENING,  /* Session scope is being created */
diff --git a/src/login/logind.c b/src/login/logind.c
index 9094567b8d..4ef92b8253 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -684,6 +684,12 @@ int manager_enumerate_sessions(Manager *m) {
                 if (!dirent_is_file(de))
                         continue;
 
+                if (!session_id_valid(de->d_name)) {
+                        log_warning("Invalid session file name '%s', ignoring.", de->d_name);
+                        r = -EINVAL;
+                        continue;
+                }
+
                 k = manager_add_session(m, de->d_name, &s);
                 if (k < 0) {
                         log_error("Failed to add session by file name %s: %s", de->d_name, strerror(-k));
diff --git a/src/login/sd-login.c b/src/login/sd-login.c
index 8a7838d566..71d8c2942e 100644
--- a/src/login/sd-login.c
+++ b/src/login/sd-login.c
@@ -31,6 +31,7 @@
 #include "sd-login.h"
 #include "strv.h"
 #include "fileio.h"
+#include "login-shared.h"
 
 _public_ int sd_pid_get_session(pid_t pid, char **session) {
         if (pid < 0)
@@ -226,17 +227,19 @@ static int file_of_session(const char *session, char **_p) {
 
         assert(_p);
 
-        if (session)
+        if (session) {
+                if (!session_id_valid(session))
+                        return -EINVAL;
+
                 p = strappend("/run/systemd/sessions/", session);
-        else {
-                char *buf;
+        } else {
+                _cleanup_free_ char *buf = NULL;
 
                 r = sd_pid_get_session(0, &buf);
                 if (r < 0)
                         return r;
 
                 p = strappend("/run/systemd/sessions/", buf);
-                free(buf);
         }
 
         if (!p)
@@ -255,7 +258,6 @@ _public_ int sd_session_is_active(const char *session) {
                 return r;
 
         r = parse_env_file(p, NEWLINE, "ACTIVE", &s, NULL);
-
         if (r < 0)
                 return r;