Blame SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch

From 1add8a7d60e46806e0ef87994d3024245db0d84a Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Thu, 18 Mar 2021 11:10:02 +0100
Subject: [PATCH] launch/policy: fix incorrect assertion for at_console

We write at_console policies for ranges of uids. If one of those ranges
is 0, an overflow assertion will incorrectly fire. Fix this and simplify
the assertions for better readability.

Note that such empty ranges will happen if more than one user on the
system is considered `at_console` **and** those users have consecutive
UIDs. Another possibility for empty ranges is when uid 0 is considered
at_console.

In any case, the assertion will abort the application incorrectly. So
this is not a security issue, but merely an incorrect assertion.

Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
 src/launch/policy.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/launch/policy.c b/src/launch/policy.c
index f91f11b..75eb0d3 100644
--- a/src/launch/policy.c
+++ b/src/launch/policy.c
@@ -934,7 +934,10 @@ static int policy_export_xmit(Policy *policy, CList *list1, CList *list2, sd_bus
 static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntries *entries, uint32_t uid_start, uint32_t n_uid) {
         int r;
 
-        c_assert(((uint32_t)-1) - n_uid + 1 >= uid_start);
+        /* check for overflow */
+        c_assert(uid_start + n_uid >= uid_start);
+        /* check for encoding into dbus `u` type */
+        c_assert(uid_start + n_uid <= (uint32_t)-1);
 
         if (n_uid == 0)
                 return 0;
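
Review bot: The second added assertion, `c_assert(uid_start + n_uid <= (uint32_t)-1);`, can never fail: `uid_start` and `n_uid` are both `uint32_t`, so the sum is computed in `uint32_t` and is always at most `(uint32_t)-1`. If the check for encoding into the dbus `u` type is meant to do any work, compute the sum in a wider type, for example `(uint64_t)uid_start + n_uid`, or drop the line and let the overflow assertion above it cover both cases. Separately, the first added assertion rejects a range that ends exactly at `(uint32_t)-1` (with `uid_start == (uint32_t)-1` and `n_uid == 1` the sum wraps to 0), which the removed expression accepted; if `uid_start + n_uid` is an exclusive end, that change in accepted input should be confirmed and stated in the comment.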