[systemd-devel] [PATCH] core: Fix assertion with empty Exec*= paths

Martin Pitt martin.pitt at ubuntu.com
Thu May 14 00:15:10 PDT 2015

Martin Pitt [2015-05-13 17:01 +0200]:
> I got a report [1] that you can trivially crash systemd (pid1) at boot
> by creating a unit with an Exec= line with a modifier and a space:
> $ cat /tmp/foo.service
> [Service]
> ExecStart=- /bin/echo hello
> $ systemd-analyze verify /tmp/foo.service
> Assertion 'skip < l' failed at ../src/core/load-fragment.c:607, function config_parse_exec(). Aborting.
> Aborted (core dumped)
> systemd pid 1 will crash the same way at boot, but with
> systemd-analyze it's less harmful to test :-)

This patch is a minimally invasive and straighforward fix for this
with the behaviour as discussed.  It is appropriate for the stable
branch and distro updates for stable releases.

I'd like to do the rewriting to unquote_first_word() in a separate
commit; it's easy to miss subtle corner cases. This is already
mentioned in TODO:

  * code cleanup: retire FOREACH_WORD_QUOTED, port to unquote_first_word() loops instead

(from the similar recent crash fixed in 470dca63c)


Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-core-Fix-assertion-with-empty-Exec-paths.patch
Type: text/x-diff
Size: 2928 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150514/9c4b9e92/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150514/9c4b9e92/attachment.sig>

More information about the systemd-devel mailing list