Rivoreo Source Code Repositories
src.rivoreo.one / systemd-stable / v239-45.2
commit25e2006bff1b82c4cee3d3899ed2874815e81e4a[log] [download]
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>Wed Jun 23 11:46:41 2021 +0200
committerJan Macku <jamacku@redhat.com>Wed Jul 28 13:00:35 2021 +0200
tree83616e1e6b2a510b94cf6a06b0ce1ff9d689cfa2
parentbc21daeb780911d586de7ff0004ed2bc515b8826 [diff]
basic/unit-name: do not use strdupa() on a path

The path may have unbounded length, for example through a fuse mount.

CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.

https://bugzilla.redhat.com/show_bug.cgi?id=1970887

The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turns uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.

(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9)
1 file changed
tree: 83616e1e6b2a510b94cf6a06b0ce1ff9d689cfa2
  1. .dir-locals.el
  2. .editorconfig
  3. .gitattributes
  4. .github/
  5. .gitignore
  6. .lgtm.yml
  7. .lgtm/cpp-queries/
  8. .mailmap
  9. .mkosi/
  10. .vimrc
  11. .ycm_extra_conf.py
  12. LICENSE.GPL2
  13. LICENSE.LGPL2.1
  14. Makefile
  15. NEWS
  16. README
  17. README.md
  18. TODO
  19. catalog/
  20. coccinelle/
  21. configure
  22. doc/
  23. factory/etc/
  24. hwdb/
  25. man/
  26. meson.build
  27. meson_options.txt
  28. mkosi.build
  29. mkosi.default.mkosi/mkosi.fedora
  30. modprobe.d/
  31. network/
  32. po/
  33. presets/
  34. rules/
  35. shell-completion/
  36. src/
  37. sysctl.d/
  38. sysusers.d/
  39. test/
  40. tmpfiles.d/
  41. tools/
  42. travis-ci/
  43. units/
  44. xorg/
  45. zanata.xml
README.md

systemd - System and Service Manager

Build Status
Coverity Scan Status
CII Best Practices
Build Status

Details

General information about systemd can be found in the systemd Wiki.

Information about build requirements are provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the HACKING file for information how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.