]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1d43806) | patch
core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
authorLennart Poettering <lennart@poettering.net>
Wed, 17 Oct 2018 16:36:24 +0000 (18:36 +0200)
committerLukáš Nykrýn <lnykryn@redhat.com>
Thu, 17 Jan 2019 09:01:12 +0000 (10:01 +0100)
commit55a1c766445750aaefe28bd7bea454f5f1cff9bb
treea214f8d8c8343f9334dcac2769369c25501bf440tree | snapshot
parent1d43806017a0df257fef8ed6f79e12ee69c5bc20commit | diff
core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)

This should be much better than fgets(), as we can read substantially
longer lines and overly long lines result in proper errors.

Fixes a vulnerability discovered by Jann Horn at Google.

CVE-2018-15686
LP: #1796402
https://bugzilla.redhat.com/show_bug.cgi?id=1639071

(cherry picked from commit 8948b3415d762245ebf5e19d80b97d4d8cc208c1)

Resolves: CVE-2018-15686
src/core/job.c diff | blob | blame | history
src/core/manager.c diff | blob | blame | history
src/core/unit.c diff | blob | blame | history
src/core/unit.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.