From: Lennart Poettering
Date: Mon, 31 Jan 2022 16:58:18 +0000 (+0100)
Subject: tree-wide: some additional checks to avoid CVE-2021-4034 style weaknesses
X-Git-Tag: v251-rc1~401
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=69339ae9f719adc11a4a47985e8f6b848e51beea;p=thirdparty%2Fsystemd.git
tree-wide: some additional checks to avoid CVE-2021-4034 style weaknesses
---
diff --git a/src/core/execute.c b/src/core/execute.c
index d3266a9ab53..f2b58303df0 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -4058,6 +4058,10 @@ static int exec_child(
 assert(params);
 assert(exit_status);
+ /* Explicitly test for CVE-2021-4034 inspired invocations */
+ assert(command->path);
+ assert(!strv_isempty(command->argv));
+ rename_process_from_path(command->path);
 /* We reset exactly these signals, since they are the only ones we set to SIG_IGN in the main
diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
index b93de9c9227..c1da81e8093 100644
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@@ -449,7 +449,16 @@ ExecCommandFlags exec_command_flags_from_string(const char *s) {
 }
 int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) {
+ /* Refuse invalid fds, regardless if fexecve() use is enabled or not */
+ if (executable_fd < 0)
+ return -EBADF;
+
+ /* Block any attempts on exploiting Linux' liberal argv[] handling, i.e. CVE-2021-4034 and suchlike */
+ if (isempty(executable) || strv_isempty(argv))
+ return -EINVAL;
+ #if ENABLE_FEXECVE
+ execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH);
 if (IN_SET(errno, ENOSYS, ENOENT) || ERRNO_IS_PRIVILEGE(errno))
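Review bot: The two guards added in exec_child are `assert()` calls, so they document an invariant rather than enforce one: if the build defines NDEBUG they may compile out, and an empty `command->argv` would then pass this point unchecked. The comment should say that and name the actual hazard, for example `/* Invariant only: an empty argv (argc == 0) lets the executed program read argv[0] out of bounds, as in CVE-2021-4034; the runtime refusal is the -EINVAL check in fexecve_or_execve() */`. That wording assumes exec_child reaches the exec through fexecve_or_execve, which this hunk does not show; if it does not, a runtime check with an error return belongs here. The body of exec_child starts and ends outside the hunk.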
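Review bot: The guards added at the top of fexecve_or_execve change the function's contract, but no comment above the function records it. A caller must now pass a valid fd, a non-empty path and a non-empty argv in every build, including builds without ENABLE_FEXECVE where the fd is presumably never used. A header comment would make that visible at call sites, for example `/* Both executable_fd and executable are required. Returns -EBADF for a negative fd, -EINVAL for an empty path or an argv that is NULL or has no argv[0]. */`. The `strv_isempty(argv)` test is what closes the argc == 0 case, so it has to stay ahead of every exec call if the body is later reordered. The rest of the function lies outside the hunk.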