From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 29 Jun 2018 10:13:33 +0000 (+0200)
Subject: logind: validate majors/minors we receieve via the bus
X-Git-Tag: v240~168^2~15
X-Git-Url: http://git-history.diyao.me/?a=commitdiff_plain;h=fa583ab176e86464112987b762f272e9deaf8c8a;p=systemd%2F.git

logind: validate majors/minors we receieve via the bus
---

diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c
index 5b09a07ffa..4eae281bd8 100644
--- a/src/login/logind-session-dbus.c
+++ b/src/login/logind-session-dbus.c
@@ -12,6 +12,7 @@
 #include "logind-session.h"
 #include "logind.h"
 #include "signal-util.h"
+#include "stat-util.h"
 #include "strv.h"
 #include "util.h"
 
@@ -380,6 +381,9 @@ static int method_take_device(sd_bus_message *message, void *userdata, sd_bus_er
         if (r < 0)
                 return r;
 
+        if (!DEVICE_MAJOR_VALID(major) || !DEVICE_MINOR_VALID(minor))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Device major/minor is not valid.");
+
         if (!session_is_controller(s, sd_bus_message_get_sender(message)))
                 return sd_bus_error_setf(error, BUS_ERROR_NOT_IN_CONTROL, "You are not in control of this session");
 
@@ -427,6 +431,9 @@ static int method_release_device(sd_bus_message *message, void *userdata, sd_bus
         if (r < 0)
                 return r;
 
+        if (!DEVICE_MAJOR_VALID(major) || !DEVICE_MINOR_VALID(minor))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Device major/minor is not valid.");
+
         if (!session_is_controller(s, sd_bus_message_get_sender(message)))
                 return sd_bus_error_setf(error, BUS_ERROR_NOT_IN_CONTROL, "You are not in control of this session");
 
@@ -455,6 +462,9 @@ static int method_pause_device_complete(sd_bus_message *message, void *userdata,
         if (r < 0)
                 return r;
 
+        if (!DEVICE_MAJOR_VALID(major) || !DEVICE_MINOR_VALID(minor))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Device major/minor is not valid.");
+
         if (!session_is_controller(s, sd_bus_message_get_sender(message)))
                 return sd_bus_error_setf(error, BUS_ERROR_NOT_IN_CONTROL, "You are not in control of this session");