rpms / systemd

Clone
Source Code
GIT

Blame SOURCES/0109-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c8s-sig-hyperscale-hotfix-252 c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-hotfix-252
  1.   ff6046250205de480768cda57a3a70ec47bee7c3
  2.   SOURCES
  3.   0109-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
Blob History Raw
ff6046 
From f2f784ac5e4b7d0e20eadf97049eaec8c685e5fe Mon Sep 17 00:00:00 2001
ff6046 
From: Lennart Poettering <lennart@poettering.net>
ff6046 
Date: Wed, 13 Feb 2019 16:51:22 +0100
ff6046 
Subject: [PATCH] sd-bus: if we receive an invalid dbus message, ignore and
ff6046 
 proceeed
ff6046
ff6046 
dbus-daemon might have a slightly different idea of what a valid msg is
ff6046 
than us (for example regarding valid msg and field sizes). Let's hence
ff6046 
try to proceed if we can and thus drop messages rather than fail the
ff6046 
connection if we fail to validate a message.
ff6046
ff6046 
Hopefully the differences in what is considered valid are not visible
ff6046 
for real-life usecases, but are specific to exploit attempts only.
ff6046
ff6046 
(cherry-picked from commit 6d586a13717ae057aa1b4127400c3de61cd5b9e7)
ff6046
ff6046 
Related: #1678641
ff6046 
---
ff6046 
 src/libsystemd/sd-bus/bus-socket.c | 9 ++++++---
ff6046 
 1 file changed, 6 insertions(+), 3 deletions(-)
ff6046
ff6046 
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
ff6046 
index a5513d1ab5..17cfa8e1fd 100644
ff6046 
--- a/src/libsystemd/sd-bus/bus-socket.c
ff6046 
+++ b/src/libsystemd/sd-bus/bus-socket.c
ff6046 
@@ -1078,7 +1078,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
ff6046 
 }
ff6046
ff6046 
 static int bus_socket_make_message(sd_bus *bus, size_t size) {
ff6046 
-        sd_bus_message *t;
ff6046 
+        sd_bus_message *t = NULL;
ff6046 
         void *b;
ff6046 
         int r;
ff6046
ff6046 
@@ -1103,7 +1103,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
ff6046 
                                     bus->fds, bus->n_fds,
ff6046 
                                     NULL,
ff6046 
                                     &t);
ff6046 
-        if (r < 0) {
ff6046 
+        if (r == -EBADMSG)
ff6046 
+                log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
ff6046 
+        else if (r < 0) {
ff6046 
                 free(b);
ff6046 
                 return r;
ff6046 
         }
ff6046 
@@ -1114,7 +1116,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
ff6046 
         bus->fds = NULL;
ff6046 
         bus->n_fds = 0;
ff6046
ff6046 
-        bus->rqueue[bus->rqueue_size++] = t;
ff6046 
+        if (t)
ff6046 
+                bus->rqueue[bus->rqueue_size++] = t;
ff6046
ff6046 
         return 1;
ff6046 
 }

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation