From 6f3e79859d91aecb3a75097b69fb9cba086b2cb1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Jul 2016 19:17:18 +0200
Subject: [PATCH] core: enforce user/group name validity also when creating
 transient units

---
 src/core/dbus-execute.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index a6896c6e6c..9c50cd93e5 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -44,6 +44,7 @@
 #endif
 #include "strv.h"
 #include "syslog-util.h"
+#include "user-util.h"
 #include "utf8.h"
 
 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output, exec_output, ExecOutput);
@@ -841,6 +842,9 @@ int bus_exec_context_set_transient_property(
                 if (r < 0)
                         return r;
 
+                if (!isempty(uu) && !valid_user_group_name_or_id(uu))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user name: %s", uu);
+
                 if (mode != UNIT_CHECK) {
 
                         if (isempty(uu))
@@ -860,6 +864,9 @@ int bus_exec_context_set_transient_property(
                 if (r < 0)
                         return r;
 
+                if (!isempty(gg) && !valid_user_group_name_or_id(gg))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group name: %s", gg);
+
                 if (mode != UNIT_CHECK) {
 
                         if (isempty(gg))