sd-bus: don't choke if somebody sends us a message with a unix fd count of 0

[elogind.git] / src / libsystemd / sd-bus / bus-message.c

diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index fb894eff1fb492adfde28785fd63bbe028f42b15..b9d7f6dbfd2961fd1e83548b74d1717581413c85 100644 (file)
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -617,7 +617,7 @@ static int message_new_reply(
         t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
         t->reply_cookie = BUS_MESSAGE_COOKIE(call);
 
-        r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, t->reply_cookie);
+        r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, (uint32_t) t->reply_cookie);
         if (r < 0)
                 goto fail;
 
@@ -752,7 +752,7 @@ int bus_message_new_synthetic_error(
         t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
         t->reply_cookie = cookie;
 
-        r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, t->reply_cookie);
+        r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, (uint32_t) t->reply_cookie);
         if (r < 0)
                 goto fail;
 
@@ -4885,6 +4885,7 @@ int bus_message_parse_fields(sd_bus_message *m) {
         size_t ri;
         int r;
         uint32_t unix_fds = 0;
+        bool unix_fds_set = false;
         void *offsets = NULL;
         unsigned n_offsets = 0;
         size_t sz = 0;
@@ -5075,24 +5076,29 @@ int bus_message_parse_fields(sd_bus_message *m) {
                         break;
                 }
 
-                case BUS_MESSAGE_HEADER_REPLY_SERIAL:
+                case BUS_MESSAGE_HEADER_REPLY_SERIAL: {
+                        uint32_t serial;
+
                         if (m->reply_cookie != 0)
                                 return -EBADMSG;
 
                         if (!streq(signature, "u"))
                                 return -EBADMSG;
 
-                        r = message_peek_field_uint32(m, &ri, item_size, &m->reply_cookie);
+                        r = message_peek_field_uint32(m, &ri, item_size, &serial);
                         if (r < 0)
                                 return r;
 
+                        m->reply_cookie = serial;
+
                         if (m->reply_cookie == 0)
                                 return -EBADMSG;
 
                         break;
+                }
 
                 case BUS_MESSAGE_HEADER_UNIX_FDS:
-                        if (unix_fds != 0)
+                        if (unix_fds_set)
                                 return -EBADMSG;
 
                         if (!streq(signature, "u"))
@@ -5102,9 +5108,7 @@ int bus_message_parse_fields(sd_bus_message *m) {
                         if (r < 0)
                                 return -EBADMSG;
 
-                        if (unix_fds == 0)
-                                return -EBADMSG;
-
+                        unix_fds_set = true;
                         break;
 
                 default:
@@ -5489,7 +5493,7 @@ int bus_message_remarshal(sd_bus *bus, sd_bus_message **m) {
                         return -ENOMEM;
 
                 n->reply_cookie = (*m)->reply_cookie;
-                r = message_append_field_uint32(n, BUS_MESSAGE_HEADER_REPLY_SERIAL, n->reply_cookie);
+                r = message_append_field_uint32(n, BUS_MESSAGE_HEADER_REPLY_SERIAL, (uint32_t) n->reply_cookie);
                 if (r < 0)
                         return r;