1 files changed, 34 insertions, 0 deletions

diff --git a/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch b/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch
new file mode 100644
index 0000000..c9e3500
--- /dev/null
+++ b/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch
@@ -0,0 +1,34 @@
+From: Luca Boccassi <luca.boccassi@microsoft.com>
+Date: Thu, 1 Apr 2021 22:18:29 +0100
+Subject: LoadCredentials: do not assert on invalid syntax
+
+LoadCredentials=foo causes an assertion to be triggered, as we
+are not checking that the rvalue's right hand side part is non-empty
+before using it in unit_full_printf.
+
+Fixes #19178
+
+# printf [Service]nLoadCredential=passwd.hashed-password.rootn > hello.service
+# systemd-analyze verify ./hello.service
+...
+Assertion 'format' failed at src/core/unit-printf.c:232, function unit_full_printf(). Aborting.
+Aborted (core dumped)
+
+(cherry picked from commit f7a6f1226e800f7695c2073675523062ea697aa4)
+---
+ src/core/load-fragment.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index 4964249..5b66fb1 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -4569,7 +4569,7 @@ int config_parse_load_credential(
+         r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+         if (r == -ENOMEM)
+                 return log_oom();
+-        if (r <= 0) {
++        if (r <= 0 || isempty(p)) {
+                 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
+                 return 0;
+         }