From 558c6490b1df7f82a63d0a747fda7412c4d28b0c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 22 May 2014 10:35:28 +0900 Subject: [PATCH 1/1] logind: also escape external data when saving to /run Better be safe than sorry... --- src/login/logind-session.c | 54 +++++++++++++++++++++++++++++++------- 1 file changed, 45 insertions(+), 9 deletions(-) diff --git a/src/login/logind-session.c b/src/login/logind-session.c index 9a5410130..fdeacb150 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -213,7 +213,6 @@ int session_save(Session *s) { if (s->scope) fprintf(f, "SCOPE=%s\n", s->scope); - if (s->scope_job) fprintf(f, "SCOPE_JOB=%s\n", s->scope_job); @@ -229,17 +228,54 @@ int session_save(Session *s) { if (s->display) fprintf(f, "DISPLAY=%s\n", s->display); - if (s->remote_host) - fprintf(f, "REMOTE_HOST=%s\n", s->remote_host); + if (s->remote_host) { + _cleanup_free_ char *escaped; + + escaped = cescape(s->remote_host); + if (!escaped) { + r = -ENOMEM; + goto finish; + } + + fprintf(f, "REMOTE_HOST=%s\n", escaped); + } + + if (s->remote_user) { + _cleanup_free_ char *escaped; + + escaped = cescape(s->remote_user); + if (!escaped) { + r = -ENOMEM; + goto finish; + } + + fprintf(f, "REMOTE_USER=%s\n", escaped); + } + + if (s->service) { + _cleanup_free_ char *escaped; - if (s->remote_user) - fprintf(f, "REMOTE_USER=%s\n", s->remote_user); + escaped = cescape(s->service); + if (!escaped) { + r = -ENOMEM; + goto finish; + } + + fprintf(f, "SERVICE=%s\n", escaped); + } - if (s->service) - fprintf(f, "SERVICE=%s\n", s->service); + if (s->desktop) { + _cleanup_free_ char *escaped; - if (s->desktop) - fprintf(f, "DESKTOP=%s\n", s->desktop); + + escaped = cescape(s->desktop); + if (!escaped) { + r = -ENOMEM; + goto finish; + } + + fprintf(f, "DESKTOP=%s\n", escaped); + } if (s->seat && seat_has_vts(s->seat)) fprintf(f, "VTNR=%u\n", s->vtnr); -- 2.30.2