systemd-stable

mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-13 12:58:20 +03:00

History

Zbigniew Jędrzejewski-Szmek cfd14c6537 basic/unit-name: do not use strdupa() on a path

The path may have unbounded length, for example through a fuse mount.

CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.

https://bugzilla.redhat.com/show_bug.cgi?id=1970887

The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turns uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.

(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9)
(cherry picked from commit 764b74113e36ac5219a4b82a05f311b5a92136ce)
(cherry picked from commit 4a1c5f34bd3e1daed4490e9d97918e504d19733b)
(cherry picked from commit b00674347337b7531c92fdb65590ab253bb57538)

2021-07-20 18:17:16 +02:00

ac-power

…

activate

…

analyze

analyze: fix error handling in one case

2020-09-01 17:22:30 +02:00

ask-password

…

backlight

backlight: do not claim that ID_BACKLIGHT_CLAMP= property is not set

2020-09-11 20:17:01 +02:00

basic

basic/unit-name: do not use strdupa() on a path

2021-07-20 18:17:16 +02:00

binfmt

binfmt: also unregister binfmt entries from unit

2020-04-23 17:14:45 +02:00

boot

efi: drop glibc header and use pre-defined macros

2021-07-20 18:08:40 +02:00

busctl

sd-bus: add custom return code when $XDG_RUNTIME_DIR is not set

2020-12-08 18:08:30 +01:00

cgls

bus: use bus_log_connect_error to print error message

2020-07-21 10:02:01 +09:00

cgroups-agent

…

cgtop

util: make size macros unsigned

2020-12-08 18:08:30 +01:00

core

core: add comment explaining event source deallocation

2021-07-20 18:15:39 +02:00

coredump

coredump: don't convert s → µs twice

2020-09-02 11:03:16 +02:00

cryptsetup

cryptsetup: unescape ID_PART_ENTRY_NAME udev property before using it

2021-03-12 18:20:46 +01:00

debug-generator

…

delta

log: introduce log_parse_environment_cli() and log_setup_cli()

2020-06-24 16:49:26 +02:00

detect-virt

log: introduce log_parse_environment_cli() and log_setup_cli()

2020-06-24 16:49:26 +02:00

dissect

dissect/nspawn: add support for dm-verity root hash signature

2020-06-25 08:45:21 +01:00

environment-d-generator

sd-path: rename the two functions

2020-03-27 20:12:44 +01:00

escape

tree-wide: correct cases where return log_{error,warning} is used without value

2020-09-11 19:54:32 +02:00

firstboot

firstboot: fill empty color if ansi_color unavailable from os-release

2020-09-02 11:03:11 +02:00

fsck

fsck: make sure we don't read an unitialized variable

2021-03-12 18:17:11 +01:00

fstab-generator

fstab-generator: add 'nofail' when NFS 'bg' option is used

2020-09-20 12:03:21 +02:00

fuzz

fuzz-udev-rules: -ENOBUFS should be accepted too

2020-06-25 08:51:21 +02:00

getty-generator

…

gpt-auto-generator

gpt-auto-generator: don't generate systemd-cryptsetup@.service when --Dlibcryptsetup=false

2021-05-15 20:17:37 +02:00

hibernate-resume

Fix generator name in hibernate-resume-generator's drop-in

2020-02-04 14:49:04 +09:00

home

homed: disable event sources before unreffing them

2021-03-12 18:22:59 +01:00

hostname

bus: use bus_log_connect_error to print error message

2020-07-21 10:02:01 +09:00

hwdb

Make failures of mac_selinux_init() fatal

2020-06-23 19:10:07 +02:00

id128

table use table_log_print_error() instead of table_log_show_error

2020-07-08 15:16:52 +08:00

import

curl-util: fix callback prototype

2020-12-08 18:08:31 +01:00

initctl

initctl: use _cleanup_ and run()

2020-07-02 17:12:23 +02:00

journal

sd-journal: add missing bracket in journal verify log message

2021-07-20 18:14:57 +02:00

journal-remote

Removing unused n_fields in journal-gatewayd

2020-12-08 14:36:11 +01:00

kernel-install

kernel-install: don't erase previous errors if a hook returns 77

2021-07-20 18:04:23 +02:00

libsystemd

sd-device: do not use ::subsystem member directly

2021-07-20 18:08:35 +02:00

libsystemd-network

sd-dhcp-client: tentatively ignore FORCERENEW command

2021-07-20 18:14:54 +02:00

libudev

tree-wide: avoid some loaded terms

2020-06-25 09:00:19 +02:00

locale

kbd-model-map: add Latvian keyboard layout mapping

2021-07-20 18:11:56 +02:00

pam: do not require a non-expired password for user@.service

2021-07-20 18:07:45 +02:00

machine

machine: fix error code propagation in two cases

2020-12-08 14:29:02 +01:00

machine-id-setup

…

modules-load

…

mount

bus: use bus_log_connect_error to print error message

2020-07-21 10:02:01 +09:00

network

network: fix an infinite loop

2021-07-20 18:03:56 +02:00

notify

systemd-notify: Fix return value of --booted

2021-05-15 20:16:24 +02:00

nspawn

tree-wide: ignore messages with too long control data

2021-02-02 17:40:52 +01:00

nss-myhostname

tree-wide: use "hostname" spelling everywhere

2020-04-21 16:58:04 +02:00

nss-mymachines

nss-mymachines: drop support for UID/GID resolving

2020-07-14 17:08:12 +02:00

nss-resolve

Fix nss-resolve to properly fallback in a Flatpak sandbox

2021-02-02 17:17:19 +01:00

nss-systemd

nss-systemd: properly handle empty membership lists

2021-05-15 20:27:24 +02:00

partition

partition, random-seed, logind: fix log messages with %m

2021-05-15 20:24:52 +02:00

path

sd-path: drop "-dir" and "-path" suffixes from path enums

2020-05-28 23:54:35 +02:00

portable

portablectl: start/stop path/timer units too

2021-03-12 16:25:01 +01:00

pstore

Merge pull request #16057 from keszybz/resolvectl-sorted-no-nta

2020-06-04 11:30:14 +09:00

quotacheck

…

random-seed

partition, random-seed, logind: fix log messages with %m

2021-05-15 20:24:52 +02:00

rc-local-generator

meson: RC_LOCAL_SCRIPT_PATH_START to RC_LOCAL_PATH

2020-09-20 12:04:22 +02:00

remount-fs

…

reply-password

…

resolve

resolved: do not try to copy empty NSEC types bitmaps

2021-07-20 18:15:14 +02:00

rfkill

rfkill: add some casts to silence -Werror=sign-compare

2021-05-15 20:08:57 +02:00

run

run: update checks to allow running with a user's bus

2021-05-15 20:31:12 +02:00

run-generator

…

shared

shared/format-table: allocate buffer of sufficient size

2021-07-20 18:17:07 +02:00

shutdown

shutdown: log on container exit

2021-05-15 20:15:16 +02:00

sleep

various: treat BUS_ERROR_NO_SUCH_UNIT the same as SD_BUS_ERROR_SERVICE_UNKNOWN

2020-08-26 14:35:32 +02:00

socket-proxy

socket-proxy: close correct fd, log at right log level

2020-12-08 14:53:33 +01:00

stdio-bridge

tree-wide: check POLLNVAL everywhere

2020-06-10 08:57:31 +02:00

sulogin-shell

…

sysctl

journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable

2020-05-19 15:26:51 +02:00

system-update-generator

…

systemctl

Clarify help information for --global

2021-07-20 18:11:52 +02:00

systemd

pid1: reduce log noise generated by devices with overly long sysfs paths

2021-07-20 18:08:44 +02:00

sysusers

sysusers: use "!*" instead of "!!" as an invalid group password

2020-12-08 14:39:42 +01:00

sysv-generator

sysv-generator: reduce scope of variables

2020-06-24 10:38:15 +02:00

test

time-util: don't use plural units indiscriminately

2021-07-20 18:14:40 +02:00

time-wait-sync

…

timedate

timedated: fix skipping of comments in config file

2021-03-12 18:23:03 +01:00

timesync

trans_time sec is int32,it will overflow if local system time is later than 2038.

2021-03-12 18:22:09 +01:00

tmpfiles

tmpfiles: fix borked assert

2021-07-20 18:15:57 +02:00

tty-ask-password-agent

tty-ask-pw-agent: properly propagate error

2020-09-01 17:17:36 +02:00

udev

udevadm: fix --tag-match help + description

2021-07-20 18:09:54 +02:00

update-done

update-done: Do not fail with read-only /etc or /var

2020-12-08 18:08:30 +01:00

update-utmp

tree-wide: correct cases where return log_{error,warning} is used without value

2020-09-11 19:54:32 +02:00

user-sessions

Make failures of mac_selinux_init() fatal

2020-06-23 19:10:07 +02:00

userdb

userdbctl: add forgotten --output mode in help

2020-09-02 10:58:45 +02:00

vconsole

vconsole-setup: downgrade log message when setting font fails on dummy console

2020-07-20 08:15:50 +02:00

veritysetup

tree-wide: use READ_FULL_FILE_CONNECT_SOCKET at various places

2020-07-21 10:32:01 +02:00

version

tree-wide: spellcheck using codespell

2020-04-16 18:00:40 +02:00

volatile-root

tree-wide: if get_block_device() returns zero devno, check for it in all cases

2020-09-11 19:57:22 +02:00

xdg-autostart-generator

xdg-autostart-generator: ignore DBusActivatable=true

2021-03-12 18:19:45 +01:00