git.ipfire.org Git - thirdparty/systemd.git/commit

core/load-fragment: reject overly long paths early

No need to go through the specifier_printf() if the path is already too long in
the unexpanded form (since specifiers increase the length of the string in all
practical cases).

In the oss-fuzz test case, valgrind reports:
total heap usage: 179,044 allocs, 179,044 frees, 72,687,755,703 bytes allocated
and the original config file is ~500kb. This isn't really a security issue,
since the config file has to be trusted any way, but just a matter of
preventing accidental resource exhaustion.

https://oss-fuzz.com/v2/issue/4651449704251392/6977

While at it, fix order of arguments in the neighbouring log_syntax() call.

author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 19 Mar 2018 14:43:35 +0000 (15:43 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 20 Mar 2018 23:46:13 +0000 (00:46 +0100)
commit	e3c3d6761b3e7d7b628a5bcbbabeb9e6e06bb6a3
tree	a6a5e39d45ff229046820f27f4da7f16c6d3ea5a	tree \| snapshot
parent	e127f26b1a19571a4da6094c226ad5f34438357a	commit \| diff

src/core/load-fragment.c		diff \| blob \| blame \| history
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977	[new file with mode: 0644]	blob
test/fuzz-regressions/meson.build		diff \| blob \| blame \| history