richardphibel / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
923a60
From dec34b2c3b66f9ccf3977e3a45d3a8365ba92027 Mon Sep 17 00:00:00 2001
923a60
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
923a60
Date: Thu, 3 Jan 2019 16:28:30 +0100
923a60
Subject: [PATCH] journal-remote: set a limit on the number of fields in a
923a60
 message
923a60
923a60
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
923a60
reused for the new error condition (too many fields).
923a60
923a60
This matches the change done for systemd-journald, hence forming the second
923a60
part of the fix for CVE-2018-16865
923a60
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
923a60
923a60
Resolves: #1657792
923a60
---
923a60
 src/journal-remote/journal-remote-parse.c |  2 +-
923a60
 src/journal-remote/journal-remote-write.c |  3 +++
923a60
 src/journal-remote/journal-remote.c       | 14 ++++++++++++--
923a60
 3 files changed, 16 insertions(+), 3 deletions(-)
923a60
923a60
diff --git a/src/journal-remote/journal-remote-parse.c b/src/journal-remote/journal-remote-parse.c
923a60
index 64089da19b..53f4e36123 100644
923a60
--- a/src/journal-remote/journal-remote-parse.c
923a60
+++ b/src/journal-remote/journal-remote-parse.c
923a60
@@ -107,7 +107,7 @@ static int get_line(RemoteSource *source, char **line, size_t *size) {
923a60
                 source->scanned = source->filled;
923a60
                 if (source->scanned >= DATA_SIZE_MAX) {
923a60
                         log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX);
923a60
-                        return -E2BIG;
923a60
+                        return -ENOBUFS;
923a60
                 }
923a60
 
923a60
                 if (source->passive_fd)
923a60
diff --git a/src/journal-remote/journal-remote-write.c b/src/journal-remote/journal-remote-write.c
923a60
index 99820fa7b8..99920e62c5 100644
923a60
--- a/src/journal-remote/journal-remote-write.c
923a60
+++ b/src/journal-remote/journal-remote-write.c
923a60
@@ -22,6 +22,9 @@
923a60
 #include "journal-remote.h"
923a60
 
923a60
 int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
923a60
+        if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
923a60
+                return -E2BIG;
923a60
+
923a60
         if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
923a60
                 return log_oom();
923a60
 
923a60
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
923a60
index a455fb6bd8..e65daf6a0b 100644
923a60
--- a/src/journal-remote/journal-remote.c
923a60
+++ b/src/journal-remote/journal-remote.c
923a60
@@ -524,11 +524,18 @@ static int process_http_upload(
923a60
                         break;
923a60
                 else if (r < 0) {
923a60
                         log_warning("Failed to process data for connection %p", connection);
923a60
-                        if (r == -E2BIG)
923a60
+                        if (r == -ENOBUFS)
923a60
                                 return mhd_respondf(connection,
923a60
                                                     MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
923a60
                                                     "Entry is too large, maximum is %u bytes.\n",
923a60
                                                     DATA_SIZE_MAX);
923a60
+
923a60
+                        else if (r == -E2BIG)
923a60
+                                return mhd_respondf(connection,
923a60
+                                                    MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
923a60
+                                                    "Entry with more fields than the maximum of %u\n",
923a60
+                                                    ENTRY_FIELD_COUNT_MAX);
923a60
+
923a60
                         else
923a60
                                 return mhd_respondf(connection,
923a60
                                                     MHD_HTTP_UNPROCESSABLE_ENTITY,
923a60
@@ -1043,7 +1050,10 @@ static int handle_raw_source(sd_event_source *event,
923a60
                 log_debug("%zu active sources remaining", s->active);
923a60
                 return 0;
923a60
         } else if (r == -E2BIG) {
923a60
-                log_notice_errno(E2BIG, "Entry too big, skipped");
923a60
+                log_notice_errno(E2BIG, "Entry with too many fields, skipped");
923a60
+                return 1;
923a60
+        } else if (r == -ENOBUFS) {
923a60
+                log_notice_errno(ENOBUFS, "Entry too big, skipped");
923a60
                 return 1;
923a60
         } else if (r == -EAGAIN) {
923a60
                 return 0;