From d77d42ed3ae95ee035dce4707777b077d1a9bf8b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 11 Mar 2023 17:03:37 +0900 Subject: [PATCH] systemctl: refuse to acquire dbus connection with --global Maybe, better to check the runtime scope each verb for better log message, but this is a good start point to not trigger assertion. Fixes oss-fuzz#56915 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56915). Fixes #26402 and #26754. --- src/systemctl/systemctl-util.c | 3 +++ .../fuzz-systemctl-parse-argv/oss-fuzz-56915 | Bin 0 -> 3362 bytes 2 files changed, 3 insertions(+) create mode 100644 test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915 diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c index bc1be36bd2a..6e87b184943 100644 --- a/src/systemctl/systemctl-util.c +++ b/src/systemctl/systemctl-util.c @@ -36,6 +36,9 @@ int acquire_bus(BusFocus focus, sd_bus **ret) { assert(focus < _BUS_FOCUS_MAX); assert(ret); + if (!IN_SET(arg_runtime_scope, RUNTIME_SCOPE_SYSTEM, RUNTIME_SCOPE_USER)) + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "--global is not supported for this operation."); + /* We only go directly to the manager, if we are using a local transport */ if (arg_transport != BUS_TRANSPORT_LOCAL) focus = BUS_FULL; diff --git a/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915 b/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-56915 new file mode 100644 index 0000000000000000000000000000000000000000..17656f1fb90c75b00816f346f528eb1c2b69b9c8 GIT binary patch literal 3362 zc-mvo)h%Vv^^J~BKmdgVOc0F?U@9AOTETj;>4$^Q3mTW=lOGwu<>})?eOnc%>|mmF zGU)2&rrM&B=?n}EXrcojH_;;pjL=*)$g~n0Nz{yaVDY+m2qjP2L{(;9W(jdFiHRNs zqXpuSEMG>8WfH(>K1U5+yiIfrkU=mq&_G0VZLOmNu;G`KpI@Szlb@K9TBMuGkdc~G F004%{xBLJA literal 0 Hc-jL100001 -- 2.47.3