mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
logind: fix crash in logind on user-specified message string
This is trivially exploitable (in the sense of causing a crash from SEGV) e.g. by 'shutdown now "Message %s %s %n"'. The message is settable through polkit, but is limited to auth_admin: <action id="org.freedesktop.login1.set-wall-message"> <description gettext-domain="systemd">Set a wall message</description> <message gettext-domain="systemd">Authentication is required to set a wall message</message> <defaults> <allow_any>auth_admin_keep</allow_any> <allow_inactive>auth_admin_keep</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> Bug introduced in9ef15026c0
('logind/systemctl: introduce SetWallMessage and --message', 2015-09-15). Based on0cb09bcb82
.
This commit is contained in:
parent
16b95a18e7
commit
95058a435e
@ -1492,12 +1492,13 @@ _printf_(2, 0)
|
||||
static int log_with_wall_message(Manager *m, const char *d, const char *p, const char *q) {
|
||||
assert(m);
|
||||
|
||||
if (isempty(m->wall_message))
|
||||
if (isempty(m->wall_message)) {
|
||||
p = strjoina(p, ".");
|
||||
else
|
||||
p = strjoina(p, " (", m->wall_message, ").");
|
||||
|
||||
return log_struct(LOG_NOTICE, d, p, q);
|
||||
return log_struct(LOG_NOTICE, d, p, q);
|
||||
} else {
|
||||
p = strjoina(p, " (%s).");
|
||||
return log_struct(LOG_NOTICE, d, p, m->wall_message, q);
|
||||
}
|
||||
}
|
||||
|
||||
static int bus_manager_log_shutdown(
|
||||
|
Loading…
Reference in New Issue
Block a user