|
|
923a60 |
From dec34b2c3b66f9ccf3977e3a45d3a8365ba92027 Mon Sep 17 00:00:00 2001
|
|
|
923a60 |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
|
923a60 |
Date: Thu, 3 Jan 2019 16:28:30 +0100
|
|
|
923a60 |
Subject: [PATCH] journal-remote: set a limit on the number of fields in a
|
|
|
923a60 |
message
|
|
|
923a60 |
|
|
|
923a60 |
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
|
|
|
923a60 |
reused for the new error condition (too many fields).
|
|
|
923a60 |
|
|
|
923a60 |
This matches the change done for systemd-journald, hence forming the second
|
|
|
923a60 |
part of the fix for CVE-2018-16865
|
|
|
923a60 |
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
|
|
|
923a60 |
|
|
|
923a60 |
Resolves: #1657792
|
|
|
923a60 |
---
|
|
|
923a60 |
src/journal-remote/journal-remote-parse.c | 2 +-
|
|
|
923a60 |
src/journal-remote/journal-remote-write.c | 3 +++
|
|
|
923a60 |
src/journal-remote/journal-remote.c | 14 ++++++++++++--
|
|
|
923a60 |
3 files changed, 16 insertions(+), 3 deletions(-)
|
|
|
923a60 |
|
|
|
923a60 |
diff --git a/src/journal-remote/journal-remote-parse.c b/src/journal-remote/journal-remote-parse.c
|
|
|
923a60 |
index 64089da19b..53f4e36123 100644
|
|
|
923a60 |
--- a/src/journal-remote/journal-remote-parse.c
|
|
|
923a60 |
+++ b/src/journal-remote/journal-remote-parse.c
|
|
|
923a60 |
@@ -107,7 +107,7 @@ static int get_line(RemoteSource *source, char **line, size_t *size) {
|
|
|
923a60 |
source->scanned = source->filled;
|
|
|
923a60 |
if (source->scanned >= DATA_SIZE_MAX) {
|
|
|
923a60 |
log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX);
|
|
|
923a60 |
- return -E2BIG;
|
|
|
923a60 |
+ return -ENOBUFS;
|
|
|
923a60 |
}
|
|
|
923a60 |
|
|
|
923a60 |
if (source->passive_fd)
|
|
|
923a60 |
diff --git a/src/journal-remote/journal-remote-write.c b/src/journal-remote/journal-remote-write.c
|
|
|
923a60 |
index 99820fa7b8..99920e62c5 100644
|
|
|
923a60 |
--- a/src/journal-remote/journal-remote-write.c
|
|
|
923a60 |
+++ b/src/journal-remote/journal-remote-write.c
|
|
|
923a60 |
@@ -22,6 +22,9 @@
|
|
|
923a60 |
#include "journal-remote.h"
|
|
|
923a60 |
|
|
|
923a60 |
int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
|
|
|
923a60 |
+ if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
|
|
|
923a60 |
+ return -E2BIG;
|
|
|
923a60 |
+
|
|
|
923a60 |
if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
|
|
|
923a60 |
return log_oom();
|
|
|
923a60 |
|
|
|
923a60 |
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
|
|
|
923a60 |
index a455fb6bd8..e65daf6a0b 100644
|
|
|
923a60 |
--- a/src/journal-remote/journal-remote.c
|
|
|
923a60 |
+++ b/src/journal-remote/journal-remote.c
|
|
|
923a60 |
@@ -524,11 +524,18 @@ static int process_http_upload(
|
|
|
923a60 |
break;
|
|
|
923a60 |
else if (r < 0) {
|
|
|
923a60 |
log_warning("Failed to process data for connection %p", connection);
|
|
|
923a60 |
- if (r == -E2BIG)
|
|
|
923a60 |
+ if (r == -ENOBUFS)
|
|
|
923a60 |
return mhd_respondf(connection,
|
|
|
923a60 |
MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
|
|
|
923a60 |
"Entry is too large, maximum is %u bytes.\n",
|
|
|
923a60 |
DATA_SIZE_MAX);
|
|
|
923a60 |
+
|
|
|
923a60 |
+ else if (r == -E2BIG)
|
|
|
923a60 |
+ return mhd_respondf(connection,
|
|
|
923a60 |
+ MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
|
|
|
923a60 |
+ "Entry with more fields than the maximum of %u\n",
|
|
|
923a60 |
+ ENTRY_FIELD_COUNT_MAX);
|
|
|
923a60 |
+
|
|
|
923a60 |
else
|
|
|
923a60 |
return mhd_respondf(connection,
|
|
|
923a60 |
MHD_HTTP_UNPROCESSABLE_ENTITY,
|
|
|
923a60 |
@@ -1043,7 +1050,10 @@ static int handle_raw_source(sd_event_source *event,
|
|
|
923a60 |
log_debug("%zu active sources remaining", s->active);
|
|
|
923a60 |
return 0;
|
|
|
923a60 |
} else if (r == -E2BIG) {
|
|
|
923a60 |
- log_notice_errno(E2BIG, "Entry too big, skipped");
|
|
|
923a60 |
+ log_notice_errno(E2BIG, "Entry with too many fields, skipped");
|
|
|
923a60 |
+ return 1;
|
|
|
923a60 |
+ } else if (r == -ENOBUFS) {
|
|
|
923a60 |
+ log_notice_errno(ENOBUFS, "Entry too big, skipped");
|
|
|
923a60 |
return 1;
|
|
|
923a60 |
} else if (r == -EAGAIN) {
|
|
|
923a60 |
return 0;
|