From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 7 May 2020 11:20:44 +0000 (+0200)
Subject: pam_systemd: be more thorough when validating runtime paths
X-Git-Tag: v246-rc1~263^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6d06dfad85dd15f2aa7de410b742e9f9cd77aaec;p=thirdparty%2Fsystemd.git

pam_systemd: be more thorough when validating runtime paths
---

diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 64771153cd9..9d14261cf13 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -468,6 +468,11 @@ static bool validate_runtime_directory(pam_handle_t *handle, const char *path, u
         /* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set
          * up properly for us. */
 
+        if (!path_is_absolute(path)) {
+                pam_syslog(handle, LOG_ERR, "Provided runtime directory '%s' is not absolute.", path);
+                goto fail;
+        }
+
         if (lstat(path, &st) < 0) {
                 pam_syslog(handle, LOG_ERR, "Failed to stat() runtime directory '%s': %s", path, strerror_safe(errno));
                 goto fail;