From: David Tardon <dtardon@redhat.com>
Date: Thu, 6 Nov 2025 13:04:32 +0000 (+0100)
Subject: ask-password-api: return if read_credential() failed
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=399c9f847e222d6e62c553ac9ea2bebeb7c1be7f;p=thirdparty%2Fsystemd.git

ask-password-api: return if read_credential() failed

The current code causes assertion in strv_parse_nulstr() if
read_credential() results in an error different from ENXIO or ENOENT
(strace shows I'm getting EACCES):

 # homectl create waldo --real-name=Waldo --disk-size=200M

Before:

 Assertion 's || l <= 0' failed at src/basic/nulstr-util.c:32, function strv_parse_nulstr_full(). Aborting.

After:

 Failed to acquire password: Permission denied

Follow-up-for: 8806bb4bc7fa15d6ca46e81b8d535730209a3b66
---

diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index dd6b8abc654..b8602eee788 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -1133,6 +1133,8 @@ static int ask_password_credential(const AskPasswordRequest *req, AskPasswordFla
         r = read_credential(req->credential, (void**) &buffer, &size);
         if (IN_SET(r, -ENXIO, -ENOENT)) /* No credentials passed or this credential not defined? */
                 return -ENOKEY;
+        if (r < 0)
+                return r;
 
         l = strv_parse_nulstr(buffer, size);
         if (!l)