executor: return instead of assert on invalid command line arguments

Before the split, it made sense to assert, as checks were on setup.
But now these come from deserialization, and the fuzzer hits the
asserts, so simply return an error instead.

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index c6ef2953c8d846b8295da495e468f194ff13af0b..02d6af29f88fdce4359c0ff977988d75822f83c2 100644 (file)
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -3914,8 +3914,14 @@ int exec_invoke(
         assert(exit_status);
 
         /* Explicitly test for CVE-2021-4034 inspired invocations */
-        assert(command->path);
-        assert(!strv_isempty(command->argv));
+        if (!command->path || strv_isempty(command->argv)) {
+                *exit_status = EXIT_EXEC;
+                return log_exec_error_errno(
+                                context,
+                                params,
+                                SYNTHETIC_ERRNO(EINVAL),
+                                "Invalid command line arguments.");
+        }
 
         LOG_CONTEXT_PUSH_EXEC(context, params);