From 1c53e6f5a6bf9ecd5196518fc824af22c6996141 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 Feb 2019 16:51:22 +0100
Subject: [PATCH] sd-bus: if we receive an invalid dbus message, ignore and
 proceeed
dbus-daemon might have a slightly different idea of what a valid msg is
than us (for example regarding valid msg and field sizes). Let's hence
try to proceed if we can and thus drop messages rather than fail the
connection if we fail to validate a message.
Hopefully the differences in what is considered valid are not visible
for real-life usecases, but are specific to exploit attempts only.
(cherry-picked from commit 6d586a13717ae057aa1b4127400c3de61cd5b9e7)
Related: #1667871
---
 src/libsystemd/sd-bus/bus-socket.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index ab56ef4f33..4437024bb9 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -879,7 +879,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
 }
 
 static int bus_socket_make_message(sd_bus *bus, size_t size) {
-        sd_bus_message *t;
+        sd_bus_message *t = NULL;
         void *b;
         int r;
 
@@ -905,7 +905,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
                                     NULL,
                                     NULL,
                                     &t);
-        if (r < 0) {
+        if (r == -EBADMSG)
+                log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
+        else if (r < 0) {
                 free(b);
                 return r;
         }
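Review bot: The new `-EBADMSG` branch falls through to the normal success path, so the receive buffer and any file descriptors that arrived with the rejected message are left without an owner unless `bus_message_from_malloc()` consumes them on failure, which the hunk does not show. The next hunk clears `bus->fds` and `bus->n_fds` unconditionally, and the code between the two hunks (not visible here) presumably replaces `bus->rbuffer` with `b`. If ownership stays with the caller on failure, every dropped message leaks its buffer and fds, so a peer that keeps sending malformed messages can grow this process's memory and descriptor usage without the connection ever being closed. Consider releasing them inside the branch, e.g. `free(bus->rbuffer);` plus closing and freeing `bus->fds` before the fall-through, after confirming the ownership rule in `bus_message_from_malloc()`.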
@@ -916,7 +918,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
         bus->fds = NULL;
         bus->n_fds = 0;
 
-        bus->rqueue[bus->rqueue_size++] = t;
+        if (t)
+                bus->rqueue[bus->rqueue_size++] = t;
 
         return 1;
 }
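Review bot: `return 1` is now reached with nothing appended to `bus->rqueue` when the message was dropped, and nothing at the `if (t)` says so. A short comment above it would help, such as `/* t stays NULL when the message was rejected with -EBADMSG; we still return 1 so the caller keeps consuming input */`, with the meaning of the return value checked against the callers, which are outside this hunk. The guard also relies on `bus_message_from_malloc()` leaving `*t` untouched on failure, which is presumably why the first hunk initialises `t` to NULL. Because drops are logged only at debug level, a counter or a rate-limited log at a higher level would make a sustained stream of rejected messages visible to operators.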