diff options
| author | Lennart Poettering <lennart@poettering.net> | 2013-03-21 23:20:25 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2013-03-22 00:12:37 +0100 |
| commit | 25220239990c7859a65160d63277105d0c1de8a8 (patch) | |
| tree | 204a278a968bbf40d6d341026948af2d7131dd99 | |
| parent | 29f6aadd5302320d5a7a3868b607eb83687bdfd0 (diff) | |
bus: enforce limits on all client influenced data objects
| -rw-r--r-- | src/libsystemd-bus/bus-internal.h | 6 | ||||
| -rw-r--r-- | src/libsystemd-bus/sd-bus.c | 21 | ||||
| -rw-r--r-- | src/libsystemd-bus/sd-bus.h | 2 |
3 files changed, 23 insertions, 6 deletions
diff --git a/src/libsystemd-bus/bus-internal.h b/src/libsystemd-bus/bus-internal.h index 9e4cf16b7..b0e97915c 100644 --- a/src/libsystemd-bus/bus-internal.h +++ b/src/libsystemd-bus/bus-internal.h @@ -110,3 +110,9 @@ static inline void bus_unrefp(sd_bus **b) { #define _cleanup_bus_unref_ __attribute__((cleanup(bus_unrefp))) #define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC)) + +#define BUS_WQUEUE_MAX 128 +#define BUS_RQUEUE_MAX 128 + +#define BUS_MESSAGE_SIZE_MAX (64*1024*1024) +#define BUS_AUTH_SIZE_MAX (64*1024) diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c index ad840cc87..1dd234d61 100644 --- a/src/libsystemd-bus/sd-bus.c +++ b/src/libsystemd-bus/sd-bus.c @@ -35,8 +35,6 @@ #include "bus-message.h" #include "bus-type.h" -#define WQUEUE_MAX 128 - static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec); static void bus_free(sd_bus *b) { @@ -495,6 +493,13 @@ static int bus_read_auth(sd_bus *b) { return r; n = MAX(3 + 32 + 2 + sizeof("AGREE_UNIX_FD") - 1 + 2, b->rbuffer_size * 2); + + if (n > BUS_AUTH_SIZE_MAX) + n = BUS_AUTH_SIZE_MAX; + + if (b->rbuffer_size >= n) + return -ENOBUFS; + p = realloc(b->rbuffer, n); if (!p) return -ENOMEM; @@ -845,6 +850,7 @@ static int message_write(sd_bus *bus, sd_bus_message *m, size_t *idx) { static int message_read_need(sd_bus *bus, size_t *need) { uint32_t a, b; uint8_t e; + uint64_t sum; assert(bus); assert(need); @@ -885,7 +891,11 @@ static int message_read_need(sd_bus *bus, size_t *need) { } else return -EBADMSG; - *need = sizeof(struct bus_header) + ALIGN_TO(b, 8) + a; + sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a; + if (sum >= BUS_MESSAGE_SIZE_MAX) + return -ENOBUFS; + + *need = (size_t) sum; return 0; } @@ -1093,7 +1103,7 @@ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) { /* Just append it to the queue. */ - if (bus->wqueue_size >= WQUEUE_MAX) + if (bus->wqueue_size >= BUS_WQUEUE_MAX) return -ENOBUFS; q = realloc(bus->wqueue, sizeof(sd_bus_message*) * (bus->wqueue_size + 1)); @@ -1300,6 +1310,9 @@ int sd_bus_send_with_reply_and_block( if (!room) { sd_bus_message **q; + if (bus->rqueue_size >= BUS_RQUEUE_MAX) + return -ENOBUFS; + /* Make sure there's room for queuing this * locally, before we read the message */ diff --git a/src/libsystemd-bus/sd-bus.h b/src/libsystemd-bus/sd-bus.h index a759f54f3..1d7bfa86b 100644 --- a/src/libsystemd-bus/sd-bus.h +++ b/src/libsystemd-bus/sd-bus.h @@ -38,8 +38,6 @@ * - add object handlers * - add peer message handlers * - verify object paths - * - when reading a message, verify its size - * - add limits to wqueue and rqueue alike */ typedef struct sd_bus sd_bus; |