systemctl: refuse to acquire dbus connection with --global

Maybe, better to check the runtime scope each verb for better log
message, but this is a good start point to not trigger assertion.

Fixes oss-fuzz#56915 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56915).

Fixes #26402 and #26754.

diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c
index bc1be36bd2ae08f78ac5c0ccf22443fb27d5b4ad..6e87b184943adb459086b8016d82d3b165744d6d 100644 (file)
--- a/src/systemctl/systemctl-util.c
+++ b/src/systemctl/systemctl-util.c
@@ -36,6 +36,9 @@ int acquire_bus(BusFocus focus, sd_bus **ret) {
         assert(focus < _BUS_FOCUS_MAX);
         assert(ret);
 
+        if (!IN_SET(arg_runtime_scope, RUNTIME_SCOPE_SYSTEM, RUNTIME_SCOPE_USER))
+                return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "--global is not supported for this operation.");
+
         /* We only go directly to the manager, if we are using a local transport */
         if (arg_transport != BUS_TRANSPORT_LOCAL)
                 focus = BUS_FULL;

diff --git a/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915 b/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915
new file mode 100644 (file)
index 0000000..17656f1
Binary files /dev/null and b/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915 differ