Re: systemd CVE-2016-7796
Here is a new revised patch:
--
--- systemd-44.orig/src/manager.c
+++ systemd-44/src/manager.c
@@ -2029,14 +2029,17 @@
msghdr.msg_control = &control;
msghdr.msg_controllen = sizeof(control);
- if ((n = recvmsg(m->notify_watch.fd, &msghdr, MSG_DONTWAIT)) <= 0) {
- if (n >= 0)
- return -EIO;
-
- if (errno == EAGAIN || errno == EINTR)
+ if ((n = recvmsg(m->notify_watch.fd, &msghdr, MSG_DONTWAIT)) < 0) {
+ if (errno == EAGAIN || errno == EINTR) {
+ log_error("Failed to receive notification message: %m");
break;
+ }
- return -errno;
+ /* It's not an option to return an error here since it
+ * would disable the notification handler entirely. Services
+ * wouldn't be able to send the WATCHDOG message for
+ * example... */
+ return 0;
}
if (msghdr.msg_controllen < CMSG_LEN(sizeof(struct ucred)) ||
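Review bot: The `log_error("Failed to receive notification message: %m");` call in the new error branch sits inside the `errno == EAGAIN || errno == EINTR` test. It therefore fires on the ordinary would-block result of a `MSG_DONTWAIT` receive, while a genuine recvmsg() failure reaches `return 0;` with nothing logged. Keep the `EAGAIN`/`EINTR` case as a bare `break;` and move the `log_error(...)` line to just before `return 0;`, so that only real failures are reported. Relaxing `<= 0` to `< 0` also means a zero-length datagram now falls through to the credential check and the `buf[n] = 0` path. An explicit `if (n == 0)` that logs at debug level and skips the message would make that intent visible. The enclosing function and its loop start and end outside this hunk, so the effect of `break` here is inferred.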
@@ -2058,7 +2061,7 @@
assert((size_t) n < sizeof(buf));
buf[n] = 0;
if (!(tags = strv_split(buf, "\n\r")))
- return -ENOMEM;
+ return 0;
log_debug("Got notification message for unit %s", u->id);
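Review bot: The `return 0;` after a failed `strv_split()` drops the notification without a trace, so a lost WATCHDOG or status message under memory pressure cannot be diagnosed from the logs. Log before returning, for example `log_error("Out of memory while parsing notification message, ignoring.");`, and add a one-line comment that 0 is returned deliberately to keep the notification handler enabled. If this statement runs inside the receive loop (the `break` in the previous hunk suggests it does, but the loop is outside the hunk), `return 0` also leaves any remaining queued datagrams until the next dispatch.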
Brian May <bam@debian.org>