pam_systemd: be more thorough when validating runtime paths

author: Lennart Poettering <lennart@poettering.net> 2020-05-07 13:20:44 +0200
committer: Lennart Poettering <lennart@poettering.net> 2020-05-27 22:47:15 +0200
commit: 6d06dfad85dd15f2aa7de410b742e9f9cd77aaec (patch)
tree: 3ad636c570e980a93f8573259c09405dec5c58f5 /src/login/pam_systemd.c
parent: bb2294e4545ef2685d52ef27e7bc8a5a265d530b (diff)
download: systemd-6d06dfad85dd15f2aa7de410b742e9f9cd77aaec.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 64771153cd..9d14261cf1 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -468,6 +468,11 @@ static bool validate_runtime_directory(pam_handle_t *handle, const char *path, u
         /* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set
          * up properly for us. */
 
+        if (!path_is_absolute(path)) {
+                pam_syslog(handle, LOG_ERR, "Provided runtime directory '%s' is not absolute.", path);
+                goto fail;
+        }
+
         if (lstat(path, &st) < 0) {
                 pam_syslog(handle, LOG_ERR, "Failed to stat() runtime directory '%s': %s", path, strerror_safe(errno));
                 goto fail;
author	Lennart Poettering <lennart@poettering.net>	2020-05-07 13:20:44 +0200
committer	Lennart Poettering <lennart@poettering.net>	2020-05-27 22:47:15 +0200
commit	6d06dfad85dd15f2aa7de410b742e9f9cd77aaec (patch)
tree	3ad636c570e980a93f8573259c09405dec5c58f5 /src/login/pam_systemd.c
parent	bb2294e4545ef2685d52ef27e7bc8a5a265d530b (diff)
download	systemd-6d06dfad85dd15f2aa7de410b742e9f9cd77aaec.tar.gz