From 856bed0abe72b5a368b66cc77944514a1f39b5f0 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Thu, 19 Oct 2023 20:53:10 +0100
Subject: [PATCH] executor: return instead of assert on invalid command line
 arguments

Before the split, it made sense to assert, as checks were on setup.
But now these come from deserialization, and the fuzzer hits the
asserts, so simply return an error instead.
---
 src/core/exec-invoke.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index c6ef2953c8d..02d6af29f88 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -3914,8 +3914,14 @@ int exec_invoke(
         assert(exit_status);
 
         /* Explicitly test for CVE-2021-4034 inspired invocations */
-        assert(command->path);
-        assert(!strv_isempty(command->argv));
+        if (!command->path || strv_isempty(command->argv)) {
+                *exit_status = EXIT_EXEC;
+                return log_exec_error_errno(
+                                context,
+                                params,
+                                SYNTHETIC_ERRNO(EINVAL),
+                                "Invalid command line arguments.");
+        }
 
         LOG_CONTEXT_PUSH_EXEC(context, params);
 
-- 
2.47.3