From 1f4e9f6d605f9cee7ef43373cd307ffb1445e562 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 26 Jul 2025 02:06:45 +0900 Subject: [PATCH] core/exec-invoke: check size of read size Even though we do not use the read data, it is better to check the size to prevent something spurious going. Fixes CID#1612155. --- src/core/exec-invoke.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index dbac2958243..56facd94c3f 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -2244,8 +2244,11 @@ static int setup_private_users_child(int unshare_ready_fd, const char *uid_map, /* Wait until the parent unshared the user namespace */ uint64_t c; - if (read(unshare_ready_fd, &c, sizeof(c)) < 0) + ssize_t n = read(unshare_ready_fd, &c, sizeof(c)); + if (n < 0) return log_debug_errno(errno, "Failed to read from signaling eventfd: %m"); + if (n != sizeof(c)) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Short read from signaling eventfd."); /* Disable the setgroups() system call in the child user namespace, for good, unless PrivateUsers=full * and using the system service manager. */ -- 2.47.3