Merge branch 'systemd-security/coredump-capabilities'

CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel setting Affects systemd >= 247 with libacl support enabled. This is a merge of systemd/systemd-security#12. I'm doing the merge locally because github doesn't support merging directly from systemd/systemd-security to systemd/systemd.
systemd · Dec 20, 2022 · b764142 · b764142
2 parents f206809 + 3e4d0f6
commit b764142
Show file tree

Hide file tree

Showing 2 changed files with 220 additions and 41 deletions.
diff --git a/src/basic/io-util.h b/src/basic/io-util.h
@@ -91,7 +91,16 @@ struct iovec_wrapper *iovw_new(void);
 struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw);
 struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw);
 void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors);
+
 int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len);
+static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) {
+        /* Move data into iovw or free on error */
+        int r = iovw_put(iovw, data, len);
+        if (r < 0)
+                free(data);
+        return r;
+}
+
 int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value);
 int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value);
 void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new);