pam_systemd: be more thorough when validating runtime paths

author Lennart Poettering <lennart@poettering.net>

Thu, 7 May 2020 11:20:44 +0000 (13:20 +0200)

committer Lennart Poettering <lennart@poettering.net>

Wed, 27 May 2020 20:47:15 +0000 (22:47 +0200)
author Lennart Poettering <lennart@poettering.net>
Thu, 7 May 2020 11:20:44 +0000 (13:20 +0200)
committer Lennart Poettering <lennart@poettering.net>
Wed, 27 May 2020 20:47:15 +0000 (22:47 +0200)
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c

index 64771153cd960d2ba471805cf4ce4a5267bd7f01..9d14261cf1320e42360c03a01ffd648e80fe1bc4 100644 (file)
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -468,6 +468,11 @@ static bool validate_runtime_directory(pam_handle_t *handle, const char *path, u
          /* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set
           * up properly for us. */
  
+        if (!path_is_absolute(path)) {
+                pam_syslog(handle, LOG_ERR, "Provided runtime directory '%s' is not absolute.", path);
+                goto fail;
+        }
+
          if (lstat(path, &st) < 0) {
                  pam_syslog(handle, LOG_ERR, "Failed to stat() runtime directory '%s': %s", path, strerror_safe(errno));
                  goto fail;
author	Lennart Poettering <lennart@poettering.net>
	Thu, 7 May 2020 11:20:44 +0000 (13:20 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 27 May 2020 20:47:15 +0000 (22:47 +0200)