From 1b9c5bf5c3cc5d76eba12205ed17002fbf2c6a6e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 26 May 2025 12:04:44 +0200 Subject: [PATCH] [PATCH] coredump: get rid of _META_MANDATORY_MAX No functional change. This change is done in preparation for future changes. Currently, the list of fields which are received on the command line is a strict subset of the fields which are always expected to be received on a socket. But when we add new kernel args in the future, we'll have two non-overlapping sets and this approach will not work. Get rid of the variable and enumerate the required fields. This set will never change, so this is actually more maintainable. The message with the hint where to add new fields is switched with _META_ARGV_MAX. The new order is more correct. (cherry-picked from 49f1f2d4a7612bbed5211a73d11d6a94fbe3bb69) (cherry-picked from aea6a631bca93e8b04a11aaced694f25f4da155e) (cherry picked from cf16b6b6b2e0a656531bfd73ad66be3817b155cd) (cherry picked from commit b46a4f023cd80b24c8f1aa7a95700bc0cb828cdc) (cherry picked from commit 5855552310ed279180c21cb803408aa2ce36053d) (cherry picked from commit cc31f2d4146831b9f2fe7bf584468908ff9c4de5) Origin: upstream, https://github.com/systemd/systemd-stable/commit/2c81e60fe0b8c506a4fe902e45bed6f58f482b39 Forwarded: not-needed Last-Update: 2025-06-23 Gbp-Pq: Name CVE-2025-4598-3.patch --- src/coredump/coredump.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index a5fcb942..f787a7a0 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -68,7 +68,7 @@ * size. See DATA_SIZE_MAX in journal-importer.h. */ assert_cc(JOURNAL_SIZE_MAX <= DATA_SIZE_MAX); -enum { +typedef enum { /* We use these as array indexes for our process metadata cache. * * The first indices of the cache stores the same metadata as the ones passed by @@ -94,16 +94,15 @@ enum { * environment. */ META_COMM = _META_ARGV_MAX, - _META_MANDATORY_MAX, /* The rest are similar to the previous ones except that we won't fail if one of * them is missing in a message sent over the socket. */ - META_EXE = _META_MANDATORY_MAX, + META_EXE, META_UNIT, META_PROC_AUXV, _META_MAX -}; +} meta_argv_t; static const char * const meta_field_names[_META_MAX] = { [META_ARGV_PID] = "COREDUMP_PID=", @@ -1018,7 +1017,7 @@ static int process_socket(int fd) { Context context = {}; struct iovec_wrapper iovw = {}; struct iovec iovec; - int i, r; + int r; assert(fd >= 0); @@ -1095,12 +1094,24 @@ static int process_socket(int fd) { if (r < 0) goto finish; - /* Make sure we received at least all fields we need. */ - for (i = 0; i < _META_MANDATORY_MAX; i++) + /* Make sure we received all the expected fields. We support being called by an *older* + * systemd-coredump from the outside, so we require only the basic set of fields that + * was being sent when the support for sending to containers over a socket was added + * in a108c43e36d3ceb6e34efe37c014fc2cda856000. */ + meta_argv_t i; + VA_ARGS_FOREACH(i, + META_ARGV_PID, + META_ARGV_UID, + META_ARGV_GID, + META_ARGV_SIGNAL, + META_ARGV_TIMESTAMP, + META_ARGV_RLIMIT, + META_ARGV_HOSTNAME, + META_COMM) if (!context.meta[i]) { r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "A mandatory argument (%i) has not been sent, aborting.", - i); + "Mandatory argument %s not received on socket, aborting.", + meta_field_names[i]); goto finish; } -- 2.30.2