From 6d06dfad85dd15f2aa7de410b742e9f9cd77aaec Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 7 May 2020 13:20:44 +0200 Subject: [PATCH] pam_systemd: be more thorough when validating runtime paths --- src/login/pam_systemd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 64771153cd9..9d14261cf13 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -468,6 +468,11 @@ static bool validate_runtime_directory(pam_handle_t *handle, const char *path, u /* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set * up properly for us. */ + if (!path_is_absolute(path)) { + pam_syslog(handle, LOG_ERR, "Provided runtime directory '%s' is not absolute.", path); + goto fail; + } + if (lstat(path, &st) < 0) { pam_syslog(handle, LOG_ERR, "Failed to stat() runtime directory '%s': %s", path, strerror_safe(errno)); goto fail; -- 2.39.5