From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 2 May 2023 20:36:59 +0000 (+0200)
Subject: shared: ignore invalid valink socket fd when deserializing
X-Git-Tag: v254-rc1~570^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1febf60f9d67b851e3f0ace2d87b718d3e0b04d5;p=thirdparty%2Fsystemd.git

shared: ignore invalid valink socket fd when deserializing
---

diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index 6b985a4c9b3..808e2b2dbab 100644
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -3063,7 +3063,9 @@ int varlink_server_deserialize_one(VarlinkServer *s, const char *value, FDSet *f
         r = safe_atoi(buf, &fd);
         if (r < 0)
                 return log_debug_errno(r, "Unable to parse VarlinkServerSocket varlink-server-socket-fd=%s: %m", buf);
-
+        if (fd < 0)
+                return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "VarlinkServerSocket varlink-server-socket-fd= has an invalid value: %d", fd);
         if (!fdset_contains(fds, fd))
                 return log_debug_errno(SYNTHETIC_ERRNO(EBADF),
                                        "VarlinkServerSocket varlink-server-socket-fd= has unknown fd %d: %m", fd);
diff --git a/test/fuzz/fuzz-manager-serialize/crash-4a3d5bed0213b88d06d6f20e7af44a02daf28961 b/test/fuzz/fuzz-manager-serialize/crash-4a3d5bed0213b88d06d6f20e7af44a02daf28961
new file mode 100644
index 00000000000..724c85a0102
--- /dev/null
+++ b/test/fuzz/fuzz-manager-serialize/crash-4a3d5bed0213b88d06d6f20e7af44a02daf28961
@@ -0,0 +1,5 @@
+current-jobda90d3313a435b56a7-dbus-broker.service-enN2wt
+varlink-server-socket-address=/run/systemd/is.oystem.ManagedOOM varlink-server-socket-fd=-3
+varlink-server-socket-address=/run/systemd/userdb/io.systemd.DynamicUsr varlink-server-socket-fd=44
+
+systemd-udevd-co~ntrassert-timestamp=1682967574856rted-