From 4b549144d82ea0f368321d149215f577049fffa6 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sun, 15 Sep 2013 22:26:56 -0400 Subject: Verify validity of session name when received from outside Only ASCII letters and digits are allowed. --- src/login/login-shared.c | 8 ++++++++ src/login/login-shared.h | 3 +++ src/login/logind-dbus.c | 1 + src/login/logind-session.c | 1 + src/login/logind-session.h | 1 + src/login/logind.c | 6 ++++++ src/login/sd-login.c | 12 +++++++----- 7 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 src/login/login-shared.c create mode 100644 src/login/login-shared.h (limited to 'src/login') diff --git a/src/login/login-shared.c b/src/login/login-shared.c new file mode 100644 index 0000000000..ff13c28861 --- /dev/null +++ b/src/login/login-shared.c @@ -0,0 +1,8 @@ +#include "login-shared.h" +#include "def.h" + +bool session_id_valid(const char *id) { + assert(id); + + return id + strspn(id, LETTERS DIGITS) == '\0'; +} diff --git a/src/login/login-shared.h b/src/login/login-shared.h new file mode 100644 index 0000000000..728ef0038f --- /dev/null +++ b/src/login/login-shared.h @@ -0,0 +1,3 @@ +#include + +bool session_id_valid(const char *id); diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 345df9f1cc..d052e74789 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -554,6 +554,7 @@ static int bus_manager_create_session(Manager *m, DBusMessage *message) { * the audit data and let's better register a new * ID */ if (hashmap_get(m->sessions, id)) { + log_warning("Existing logind session ID %s used by new audit session, ignoring", id); audit_id = 0; free(id); diff --git a/src/login/logind-session.c b/src/login/logind-session.c index a726fb1bed..2d22a68b6e 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -41,6 +41,7 @@ Session* session_new(Manager *m, const char *id) { assert(m); assert(id); + assert(session_id_valid(id)); s = new0(Session, 1); if (!s) diff --git a/src/login/logind-session.h b/src/login/logind-session.h index edaae8d20a..9cf64850be 100644 --- a/src/login/logind-session.h +++ b/src/login/logind-session.h @@ -29,6 +29,7 @@ typedef enum KillWho KillWho; #include "logind.h" #include "logind-seat.h" #include "logind-user.h" +#include "login-shared.h" typedef enum SessionState { SESSION_OPENING, /* Session scope is being created */ diff --git a/src/login/logind.c b/src/login/logind.c index 9094567b8d..4ef92b8253 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -684,6 +684,12 @@ int manager_enumerate_sessions(Manager *m) { if (!dirent_is_file(de)) continue; + if (!session_id_valid(de->d_name)) { + log_warning("Invalid session file name '%s', ignoring.", de->d_name); + r = -EINVAL; + continue; + } + k = manager_add_session(m, de->d_name, &s); if (k < 0) { log_error("Failed to add session by file name %s: %s", de->d_name, strerror(-k)); diff --git a/src/login/sd-login.c b/src/login/sd-login.c index 8a7838d566..71d8c2942e 100644 --- a/src/login/sd-login.c +++ b/src/login/sd-login.c @@ -31,6 +31,7 @@ #include "sd-login.h" #include "strv.h" #include "fileio.h" +#include "login-shared.h" _public_ int sd_pid_get_session(pid_t pid, char **session) { if (pid < 0) @@ -226,17 +227,19 @@ static int file_of_session(const char *session, char **_p) { assert(_p); - if (session) + if (session) { + if (!session_id_valid(session)) + return -EINVAL; + p = strappend("/run/systemd/sessions/", session); - else { - char *buf; + } else { + _cleanup_free_ char *buf = NULL; r = sd_pid_get_session(0, &buf); if (r < 0) return r; p = strappend("/run/systemd/sessions/", buf); - free(buf); } if (!p) @@ -255,7 +258,6 @@ _public_ int sd_session_is_active(const char *session) { return r; r = parse_env_file(p, NEWLINE, "ACTIVE", &s, NULL); - if (r < 0) return r; -- cgit v1.2.3-54-g00ecf