diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-05-07 13:20:44 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2020-05-27 22:47:15 +0200 |
commit | 6d06dfad85dd15f2aa7de410b742e9f9cd77aaec (patch) | |
tree | 3ad636c570e980a93f8573259c09405dec5c58f5 /src/login/pam_systemd.c | |
parent | bb2294e4545ef2685d52ef27e7bc8a5a265d530b (diff) | |
download | systemd-6d06dfad85dd15f2aa7de410b742e9f9cd77aaec.tar.gz |
pam_systemd: be more thorough when validating runtime paths
Diffstat (limited to 'src/login/pam_systemd.c')
-rw-r--r-- | src/login/pam_systemd.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 64771153cd..9d14261cf1 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -468,6 +468,11 @@ static bool validate_runtime_directory(pam_handle_t *handle, const char *path, u /* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set * up properly for us. */ + if (!path_is_absolute(path)) { + pam_syslog(handle, LOG_ERR, "Provided runtime directory '%s' is not absolute.", path); + goto fail; + } + if (lstat(path, &st) < 0) { pam_syslog(handle, LOG_ERR, "Failed to stat() runtime directory '%s': %s", path, strerror_safe(errno)); goto fail; |