From: Luca Boccassi <bluca@debian.org>
Date: Thu, 19 Oct 2023 19:53:10 +0000 (+0100)
Subject: executor: return instead of assert on invalid command line arguments
X-Git-Tag: v255-rc1~192
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=856bed0abe72b5a368b66cc77944514a1f39b5f0;p=thirdparty%2Fsystemd.git

executor: return instead of assert on invalid command line arguments

Before the split, it made sense to assert, as checks were on setup.
But now these come from deserialization, and the fuzzer hits the
asserts, so simply return an error instead.
---

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index c6ef2953c8d..02d6af29f88 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -3914,8 +3914,14 @@ int exec_invoke(
         assert(exit_status);
 
         /* Explicitly test for CVE-2021-4034 inspired invocations */
-        assert(command->path);
-        assert(!strv_isempty(command->argv));
+        if (!command->path || strv_isempty(command->argv)) {
+                *exit_status = EXIT_EXEC;
+                return log_exec_error_errno(
+                                context,
+                                params,
+                                SYNTHETIC_ERRNO(EINVAL),
+                                "Invalid command line arguments.");
+        }
 
         LOG_CONTEXT_PUSH_EXEC(context, params);