ask-password-api: fix error handling on invalid unicode character

The integer overflow happens when utf8_encoded_valid_unichar() returns an error
code. The error code is a negative number: -22. This overflows when it is
assigned to `z` (type `size_t`). This can cause an infinite loop if the value
of `q` is 22 or larger.

To reproduce the bug, you need to run `systemd-ask-password` and enter an
invalid unicode character, followed by a backspace character.

GHSL-2021-052

man/rules/meson.build

@@ -931,7 +931,7 @@ manpages = [
   '8',
   ['systemd-random-seed'],
   'ENABLE_RANDOMSEED'],
- ['systemd-rc-local-generator', '8', [], 'HAVE_SYSV_COMPAT'],
+ ['systemd-rc-local-generator', '8', ['rc-local.service'], 'HAVE_SYSV_COMPAT'],
  ['systemd-remount-fs.service', '8', ['systemd-remount-fs'], ''],
  ['systemd-repart', '8', ['systemd-repart.service'], 'ENABLE_REPART'],
  ['systemd-resolved.service', '8', ['systemd-resolved'], 'ENABLE_RESOLVE'],

man/systemd-rc-local-generator.xml

@@ -19,28 +19,44 @@
 
   <refnamediv>
     <refname>systemd-rc-local-generator</refname>
-    <refpurpose>Compatibility generator for starting <filename>&RC_LOCAL_PATH;</filename> during boot</refpurpose>
+    <refname>rc-local.service</refname>
+    <refpurpose>Compatibility generator and service to start <filename>&RC_LOCAL_PATH;</filename> during boot</refpurpose>
   </refnamediv>
 
   <refsynopsisdiv>
     <para><filename>/usr/lib/systemd/system-generators/systemd-rc-local-generator</filename></para>
+    <para><filename>rc-local.service</filename></para>
   </refsynopsisdiv>
 
   <refsect1>
     <title>Description</title>
 
-    <para><filename>systemd-rc-local-generator</filename> is a generator that checks whether
+    <para><command>systemd-rc-local-generator</command> is a generator that checks whether
-    <filename>&RC_LOCAL_PATH;</filename> exists and is executable, and if it is pulls the
+    <filename>&RC_LOCAL_PATH;</filename> exists and is executable, and if it is, pulls the
     <filename>rc-local.service</filename> unit into the boot process. This unit is responsible for running
-    this script during late boot. Note that the script will be run with slightly different semantics than the
+    this script during late boot. The script is run after <filename>network.target</filename>, but in
-    original System V version, which was run "last" in the boot process, which is a concept that does not
+    parallel with most other regular system services.</para>
-    translate to systemd. The script is run after <filename>network.target</filename>, but in parallel with
+
-    most other regular system services.</para>
+    <para>Note that <filename>rc-local.service</filename> runs with slightly different semantics than the
+    original System V version, which was executed "last" in the boot process, which is a concept that does
+    not translate to systemd.</para>
+
+    <para>Also note that <filename>rc-local.service</filename> is ordered after
+    <filename>network.target</filename>, which does not mean that the network is functional, see
+    <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+    If the script requires a configured network connection, it may be desirable to pull in and order it after
+    <filename>network-online.target</filename> with a drop-in:</para>
+
+    <programlisting># /etc/systemd/system/rc-local.service.d/network.conf
+[Unit]
+Wants=network-online.target
+After=network-online.target
+</programlisting>
 
     <para>Support for <filename>&RC_LOCAL_PATH;</filename> is provided for compatibility with specific System
     V systems only. However, it is strongly recommended to avoid making use of this script today, and instead
     provide proper unit files with appropriate dependencies for any scripts to run during the boot process.
-    Note that the path to the script is set a compile time and varies between distributions.</para>
+    Note that the path to the script is set at compile time and varies between distributions.</para>
 
     <para><filename>systemd-rc-local-generator</filename> implements
     <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>

src/shared/ask-password-api.c

@@ -581,10 +581,10 @@ int ask_password_tty(
                                  * last one begins */
                                 q = 0;
                                 for (;;) {
-                                        size_t z;
+                                        int z;
 
                                         z = utf8_encoded_valid_unichar(passphrase + q, SIZE_MAX);
-                                        if (z == 0) {
+                                        if (z <= 0) {
                                                 q = SIZE_MAX; /* Invalid UTF8! */
                                                 break;
                                         }