From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 2 Apr 2024 16:31:03 +0000 (+0200)
Subject: core: correctly deserialize credentials with empty payload
X-Git-Tag: v256-rc1~338^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=347756ed810e28bac5e5b0c1f12978f91dfa65c8;p=thirdparty%2Fsystemd.git

core: correctly deserialize credentials with empty payload

For example with SetCredential=mycred: the data payload is empty, but it
is still a valid credential.

This reorders the arguments when serializing credentials, so the
possibly empty argument is not at the end of the serialized string. This
way we can still easily use the extract_many_words() machinery, and with
the use of EXTRACT_DONT_COALESCE_SEPARATORS properly deserialize even an
empty credential. This changes LoadCredentials= as well just to keep the
code for (de)serializing both directives in sync.
---

diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c
index 1ae77f39fb9..9e402e5e697 100644
--- a/src/core/execute-serialize.c
+++ b/src/core/execute-serialize.c
@@ -2544,14 +2544,14 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) {
                 if (base64mem(sc->data, sc->size, &data) < 0)
                         return log_oom_debug();
 
-                r = serialize_item_format(f, "exec-context-set-credentials", "%s %s %s", sc->id, yes_no(sc->encrypted), data);
+                r = serialize_item_format(f, "exec-context-set-credentials", "%s %s %s", sc->id, data, yes_no(sc->encrypted));
                 if (r < 0)
                         return r;
         }
 
         ExecLoadCredential *lc;
         HASHMAP_FOREACH(lc, c->load_credentials) {
-                r = serialize_item_format(f, "exec-context-load-credentials", "%s %s %s", lc->id, yes_no(lc->encrypted), lc->path);
+                r = serialize_item_format(f, "exec-context-load-credentials", "%s %s %s", lc->id, lc->path, yes_no(lc->encrypted));
                 if (r < 0)
                         return r;
         }
@@ -3668,7 +3668,7 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) {
                         _cleanup_(exec_set_credential_freep) ExecSetCredential *sc = NULL;
                         _cleanup_free_ char *id = NULL, *encrypted = NULL, *data = NULL;
 
-                        r = extract_many_words(&val, " ", 0, &id, &encrypted, &data);
+                        r = extract_many_words(&val, " ", EXTRACT_DONT_COALESCE_SEPARATORS, &id, &data, &encrypted);
                         if (r < 0)
                                 return r;
                         if (r != 3)
@@ -3700,7 +3700,7 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) {
                         _cleanup_(exec_load_credential_freep) ExecLoadCredential *lc = NULL;
                         _cleanup_free_ char *id = NULL, *encrypted = NULL, *path = NULL;
 
-                        r = extract_many_words(&val, " ", 0, &id, &encrypted, &path);
+                        r = extract_many_words(&val, " ", EXTRACT_DONT_COALESCE_SEPARATORS, &id, &path, &encrypted);
                         if (r < 0)
                                 return r;
                         if (r != 3)