From 4b549144d82ea0f368321d149215f577049fffa6 Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Sun, 15 Sep 2013 22:26:56 -0400
Subject: Verify validity of session name when received from outside

Only ASCII letters and digits are allowed.
---
 src/login/logind-dbus.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/login/logind-dbus.c')

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 345df9f1cc..d052e74789 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -554,6 +554,7 @@ static int bus_manager_create_session(Manager *m, DBusMessage *message) {
                  * the audit data and let's better register a new
                  * ID */
                 if (hashmap_get(m->sessions, id)) {
+                        log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
                         audit_id = 0;
 
                         free(id);
-- 
cgit v1.2.3-54-g00ecf