From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 May 2014 01:35:28 +0000 (+0900)
Subject: logind: also escape external data when saving to /run
X-Git-Tag: v213~44
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=558c6490b1df7f82a63d0a747fda7412c4d28b0c;hp=eaa3b74dfd6395c8abaa8416d90dac5e0dc00e15

logind: also escape external data when saving to /run

Better be safe than sorry...
---

diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 9a5410130..fdeacb150 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -213,7 +213,6 @@ int session_save(Session *s) {
 
         if (s->scope)
                 fprintf(f, "SCOPE=%s\n", s->scope);
-
         if (s->scope_job)
                 fprintf(f, "SCOPE_JOB=%s\n", s->scope_job);
 
@@ -229,17 +228,54 @@ int session_save(Session *s) {
         if (s->display)
                 fprintf(f, "DISPLAY=%s\n", s->display);
 
-        if (s->remote_host)
-                fprintf(f, "REMOTE_HOST=%s\n", s->remote_host);
+        if (s->remote_host) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(s->remote_host);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto finish;
+                }
+
+                fprintf(f, "REMOTE_HOST=%s\n", escaped);
+        }
+
+        if (s->remote_user) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(s->remote_user);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto finish;
+                }
+
+                fprintf(f, "REMOTE_USER=%s\n", escaped);
+        }
+
+        if (s->service) {
+                _cleanup_free_ char *escaped;
 
-        if (s->remote_user)
-                fprintf(f, "REMOTE_USER=%s\n", s->remote_user);
+                escaped = cescape(s->service);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto finish;
+                }
+
+                fprintf(f, "SERVICE=%s\n", escaped);
+        }
 
-        if (s->service)
-                fprintf(f, "SERVICE=%s\n", s->service);
+        if (s->desktop) {
+                _cleanup_free_ char *escaped;
 
-        if (s->desktop)
-                fprintf(f, "DESKTOP=%s\n", s->desktop);
+
+                escaped = cescape(s->desktop);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto finish;
+                }
+
+                fprintf(f, "DESKTOP=%s\n", escaped);
+        }
 
         if (s->seat && seat_has_vts(s->seat))
                 fprintf(f, "VTNR=%u\n", s->vtnr);