From 1febf60f9d67b851e3f0ace2d87b718d3e0b04d5 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Tue, 2 May 2023 22:36:59 +0200 Subject: [PATCH] shared: ignore invalid valink socket fd when deserializing --- src/shared/varlink.c | 4 +++- .../crash-4a3d5bed0213b88d06d6f20e7af44a02daf28961 | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 test/fuzz/fuzz-manager-serialize/crash-4a3d5bed0213b88d06d6f20e7af44a02daf28961 diff --git a/src/shared/varlink.c b/src/shared/varlink.c index 6b985a4c9b3..808e2b2dbab 100644 --- a/src/shared/varlink.c +++ b/src/shared/varlink.c @@ -3063,7 +3063,9 @@ int varlink_server_deserialize_one(VarlinkServer *s, const char *value, FDSet *f r = safe_atoi(buf, &fd); if (r < 0) return log_debug_errno(r, "Unable to parse VarlinkServerSocket varlink-server-socket-fd=%s: %m", buf); - + if (fd < 0) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), + "VarlinkServerSocket varlink-server-socket-fd= has an invalid value: %d", fd); if (!fdset_contains(fds, fd)) return log_debug_errno(SYNTHETIC_ERRNO(EBADF), "VarlinkServerSocket varlink-server-socket-fd= has unknown fd %d: %m", fd); diff --git a/test/fuzz/fuzz-manager-serialize/crash-4a3d5bed0213b88d06d6f20e7af44a02daf28961 b/test/fuzz/fuzz-manager-serialize/crash-4a3d5bed0213b88d06d6f20e7af44a02daf28961 new file mode 100644 index 00000000000..724c85a0102 --- /dev/null +++ b/test/fuzz/fuzz-manager-serialize/crash-4a3d5bed0213b88d06d6f20e7af44a02daf28961 @@ -0,0 +1,5 @@ +current-jobda90d3313a435b56a7-dbus-broker.service-enN2wt +varlink-server-socket-address=/run/systemd/is.oystem.ManagedOOM varlink-server-socket-fd=-3 +varlink-server-socket-address=/run/systemd/userdb/io.systemd.DynamicUsr varlink-server-socket-fd=44 + +systemd-udevd-co~ntrassert-timestamp=1682967574856rted- -- 2.47.3