rpms / systemd

Clone
Source Code
GIT

Blame SOURCES/0672-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c8s-sig-hyperscale-hotfix-252 c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-hotfix-252
  1.   c7-alt
  2.   SOURCES
  3.   0672-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
Blob History Raw
3a43e1 
From f2126dbc1dcaca92250427e76e7a87e61b10f540 Mon Sep 17 00:00:00 2001
3a43e1 
From: Lennart Poettering <lennart@poettering.net>
3a43e1 
Date: Wed, 13 Feb 2019 16:51:22 +0100
3a43e1 
Subject: [PATCH] sd-bus: if we receive an invalid dbus message, ignore and
3a43e1 
 proceeed
3a43e1
3a43e1 
dbus-daemon might have a slightly different idea of what a valid msg is
3a43e1 
than us (for example regarding valid msg and field sizes). Let's hence
3a43e1 
try to proceed if we can and thus drop messages rather than fail the
3a43e1 
connection if we fail to validate a message.
3a43e1
3a43e1 
Hopefully the differences in what is considered valid are not visible
3a43e1 
for real-life usecases, but are specific to exploit attempts only.
3a43e1
3a43e1 
(cherry-picked from commit 6d586a13717ae057aa1b4127400c3de61cd5b9e7)
3a43e1
3a43e1 
Related: #1667871
3a43e1 
---
3a43e1 
 src/libsystemd/sd-bus/bus-socket.c | 9 ++++++---
3a43e1 
 1 file changed, 6 insertions(+), 3 deletions(-)
3a43e1
3a43e1 
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
3a43e1 
index ab56ef4f3..4437024bb 100644
3a43e1 
--- a/src/libsystemd/sd-bus/bus-socket.c
3a43e1 
+++ b/src/libsystemd/sd-bus/bus-socket.c
3a43e1 
@@ -879,7 +879,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
3a43e1 
 }
3a43e1
3a43e1 
 static int bus_socket_make_message(sd_bus *bus, size_t size) {
3a43e1 
-        sd_bus_message *t;
3a43e1 
+        sd_bus_message *t = NULL;
3a43e1 
         void *b;
3a43e1 
         int r;
3a43e1
3a43e1 
@@ -905,7 +905,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
3a43e1 
                                     NULL,
3a43e1 
                                     NULL,
3a43e1 
                                     &t);
3a43e1 
-        if (r < 0) {
3a43e1 
+        if (r == -EBADMSG)
3a43e1 
+                log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
3a43e1 
+        else if (r < 0) {
3a43e1 
                 free(b);
3a43e1 
                 return r;
3a43e1 
         }
3a43e1 
@@ -916,7 +918,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
3a43e1 
         bus->fds = NULL;
3a43e1 
         bus->n_fds = 0;
3a43e1
3a43e1 
-        bus->rqueue[bus->rqueue_size++] = t;
3a43e1 
+        if (t)
3a43e1 
+                bus->rqueue[bus->rqueue_size++] = t;
3a43e1
3a43e1 
         return 1;
3a43e1 
 }

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation