core: check the unit type more thoroughly when deserializing

Resolves: #27523

diff --git a/src/core/unit.c b/src/core/unit.c
index c7635a291c5d9a2f7858f8ce7ead4dee688ac2ea..4e9ae6148f396b08c4f137475cdfdd8b34d4e524 100644 (file)
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -6162,7 +6162,9 @@ int activation_details_deserialize(const char *key, const char *value, Activatio
                         return -EINVAL;
 
                 t = unit_type_from_string(value);
-                if (t == _UNIT_TYPE_INVALID)
+                /* The activation details vtable has defined ops only for path
+                 * and timer units */
+                if (!IN_SET(t, UNIT_PATH, UNIT_TIMER))
                         return -EINVAL;
 
                 *details = malloc0(activation_details_vtable[t]->object_size);

diff --git a/test/fuzz/fuzz-manager-serialize/clusterfuzz-testcase-minimized-fuzz-manager-serialize-6207619447259136.fuzz b/test/fuzz/fuzz-manager-serialize/clusterfuzz-testcase-minimized-fuzz-manager-serialize-6207619447259136.fuzz
new file mode 100644 (file)
index 0000000..b3f5c9b
--- /dev/null
+++ b/test/fuzz/fuzz-manager-serialize/clusterfuzz-testcase-minimized-fuzz-manager-serialize-6207619447259136.fuzz
@@ -0,0 +1,4 @@
+
+d.socket
+job
+activation-details-unit-type=service
\ No newline at end of file