core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
This should be much better than fgets(), as we can read substantially
longer lines and overly long lines result in proper errors.
Fixes a vulnerability discovered by Jann Horn at Google.
CVE-2018-15686
LP: #
1796402
https://bugzilla.redhat.com/show_bug.cgi?id=
1639071
(cherry picked from commit
8948b3415d762245ebf5e19d80b97d4d8cc208c1)
(cherry picked from commit
1a05ff4948d778280ec155a9abe69d3360bfddd9)
Gbp-Pq: Name core-when-deserializing-state-always-use-read_line-LONG_L.patch
projects / systemd.git / commit