manager: tighten incoming notification message checks

[thirdparty/systemd.git] / src / core / manager.c

diff --git a/src/core/manager.c b/src/core/manager.c
index 66b8904e4ef2f952a0a680f7793bcb5f99e6e987..34db276a7ddbd8ca3ec539ba76b7d52f818ae92c 100644 (file)
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1766,8 +1766,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
                 return 0;
         }
 
-        /* The message should be a string. Here we make sure it's NUL-terminated,
-         * but only the part until first NUL will be used anyway. */
+        /* As extra safety check, let's make sure the string we get doesn't contain embedded NUL bytes. We permit one
+         * trailing NUL byte in the message, but don't expect it. */
+        if (n > 1 && memchr(buf, 0, n-1)) {
+                log_warning("Received notify message with embedded NUL bytes. Ignoring.");
+                return 0;
+        }
+
+        /* Make sure it's NUL-terminated. */
         buf[n] = 0;
 
         /* Notify every unit that might be interested, but try