chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bus: enforce limits on all client influenced data objects
[elogind.git]
/
src
/
libsystemd-bus
/
sd-bus.c
diff --git
a/src/libsystemd-bus/sd-bus.c
b/src/libsystemd-bus/sd-bus.c
index ad840cc875c6e4bf87ab072435f8b620a58527b1..1dd234d61b8e625731da5cf8e4ae7c47775ce472 100644
(file)
--- a/
src/libsystemd-bus/sd-bus.c
+++ b/
src/libsystemd-bus/sd-bus.c
@@
-35,8
+35,6
@@
#include "bus-message.h"
#include "bus-type.h"
#include "bus-message.h"
#include "bus-type.h"
-#define WQUEUE_MAX 128
-
static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
static void bus_free(sd_bus *b) {
static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
static void bus_free(sd_bus *b) {
@@
-495,6
+493,13
@@
static int bus_read_auth(sd_bus *b) {
return r;
n = MAX(3 + 32 + 2 + sizeof("AGREE_UNIX_FD") - 1 + 2, b->rbuffer_size * 2);
return r;
n = MAX(3 + 32 + 2 + sizeof("AGREE_UNIX_FD") - 1 + 2, b->rbuffer_size * 2);
+
+ if (n > BUS_AUTH_SIZE_MAX)
+ n = BUS_AUTH_SIZE_MAX;
+
+ if (b->rbuffer_size >= n)
+ return -ENOBUFS;
+
p = realloc(b->rbuffer, n);
if (!p)
return -ENOMEM;
p = realloc(b->rbuffer, n);
if (!p)
return -ENOMEM;
@@
-845,6
+850,7
@@
static int message_write(sd_bus *bus, sd_bus_message *m, size_t *idx) {
static int message_read_need(sd_bus *bus, size_t *need) {
uint32_t a, b;
uint8_t e;
static int message_read_need(sd_bus *bus, size_t *need) {
uint32_t a, b;
uint8_t e;
+ uint64_t sum;
assert(bus);
assert(need);
assert(bus);
assert(need);
@@
-885,7
+891,11
@@
static int message_read_need(sd_bus *bus, size_t *need) {
} else
return -EBADMSG;
} else
return -EBADMSG;
- *need = sizeof(struct bus_header) + ALIGN_TO(b, 8) + a;
+ sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
+ if (sum >= BUS_MESSAGE_SIZE_MAX)
+ return -ENOBUFS;
+
+ *need = (size_t) sum;
return 0;
}
return 0;
}
@@
-1093,7
+1103,7
@@
int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
/* Just append it to the queue. */
/* Just append it to the queue. */
- if (bus->wqueue_size >= WQUEUE_MAX)
+ if (bus->wqueue_size >=
BUS_
WQUEUE_MAX)
return -ENOBUFS;
q = realloc(bus->wqueue, sizeof(sd_bus_message*) * (bus->wqueue_size + 1));
return -ENOBUFS;
q = realloc(bus->wqueue, sizeof(sd_bus_message*) * (bus->wqueue_size + 1));
@@
-1300,6
+1310,9
@@
int sd_bus_send_with_reply_and_block(
if (!room) {
sd_bus_message **q;
if (!room) {
sd_bus_message **q;
+ if (bus->rqueue_size >= BUS_RQUEUE_MAX)
+ return -ENOBUFS;
+
/* Make sure there's room for queuing this
* locally, before we read the message */
/* Make sure there's room for queuing this
* locally, before we read the message */