From 9c2246f25010b9657b765c546c0e278d4824ab2c Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <rschiron@redhat.com>
Date: Mon, 4 Feb 2019 14:29:09 +0100
Subject: [PATCH] Refuse dbus message paths longer than BUS_PATH_SIZE_MAX
 limit.
Even though the dbus specification does not enforce any length limit on the
path of a dbus message, having to analyze too long strings in PID1 may be
time-consuming and it may have security impacts.
In any case, the limit is set so high that real-life applications should not
have a problem with it.
(cherry-picked from commit 61397a60d98e368a5720b37e83f3169e3eb511c4)
Related: #1678641
---
 src/libsystemd/sd-bus/bus-internal.c | 2 +-
 src/libsystemd/sd-bus/bus-internal.h | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
563e3e
diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c
563e3e
index 7bb653338..35e0b668e 100644
563e3e
--- a/src/libsystemd/sd-bus/bus-internal.c
563e3e
+++ b/src/libsystemd/sd-bus/bus-internal.c
563e3e
@@ -45,7 +45,7 @@ bool object_path_is_valid(const char *p) {
563e3e
         if (slash)
563e3e
                 return false;
563e3e
 
563e3e
-        return true;
563e3e
+        return (q - p) <= BUS_PATH_SIZE_MAX;
563e3e
 }
563e3e
 
563e3e
 char* object_path_startswith(const char *a, const char *b) {
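Review bot: The new bound in `return (q - p) <= BUS_PATH_SIZE_MAX;` does not say what it counts, and neither does the comment added above `BUS_PATH_SIZE_MAX` in bus-internal.h. The scan loop starts outside this hunk, so it is only inferred that `q` rests on the terminating NUL at this point; if so, the limit is a byte length excluding the NUL, and a path of exactly 64 KiB is still accepted. That matters to any caller that sizes a copy of the path from this constant, since it needs one extra byte; I would add `/* q points at the trailing NUL, so q - p is the path length in bytes, NUL excluded */` above the return and the same wording to the macro comment. A unit test that accepts a path of exactly `BUS_PATH_SIZE_MAX` bytes and refuses one byte more would pin the `<=` against later off-by-one edits.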
563e3e
diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
563e3e
index 2087ef8ee..90e602898 100644
563e3e
--- a/src/libsystemd/sd-bus/bus-internal.h
563e3e
+++ b/src/libsystemd/sd-bus/bus-internal.h
563e3e
@@ -333,6 +333,10 @@ struct sd_bus {
563e3e
 
563e3e
 #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
563e3e
 #define BUS_AUTH_SIZE_MAX (64*1024)
563e3e
+/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
563e3e
+ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
563e3e
+ * to not clash unnecessarily with real-life applications. */
563e3e
+#define BUS_PATH_SIZE_MAX (64*1024)
563e3e
 
563e3e
 #define BUS_CONTAINER_DEPTH 128
563e3e