From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 11 Mar 2023 08:03:37 +0000 (+0900)
Subject: systemctl: refuse to acquire dbus connection with --global
X-Git-Tag: v254-rc1~1052
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d77d42ed3ae95ee035dce4707777b077d1a9bf8b;p=thirdparty%2Fsystemd.git

systemctl: refuse to acquire dbus connection with --global

Maybe, better to check the runtime scope each verb for better log
message, but this is a good start point to not trigger assertion.

Fixes oss-fuzz#56915 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56915).

Fixes #26402 and #26754.
---

diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c
index bc1be36bd2a..6e87b184943 100644
--- a/src/systemctl/systemctl-util.c
+++ b/src/systemctl/systemctl-util.c
@@ -36,6 +36,9 @@ int acquire_bus(BusFocus focus, sd_bus **ret) {
         assert(focus < _BUS_FOCUS_MAX);
         assert(ret);
 
+        if (!IN_SET(arg_runtime_scope, RUNTIME_SCOPE_SYSTEM, RUNTIME_SCOPE_USER))
+                return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "--global is not supported for this operation.");
+
         /* We only go directly to the manager, if we are using a local transport */
         if (arg_transport != BUS_TRANSPORT_LOCAL)
                 focus = BUS_FULL;
diff --git a/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915 b/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915
new file mode 100644
index 00000000000..17656f1fb90
Binary files /dev/null and b/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915 differ