chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
sd-bus: don't choke if somebody sends us a message with a unix fd count of 0
[elogind.git]
/
src
/
libsystemd
/
sd-bus
/
bus-message.c
diff --git
a/src/libsystemd/sd-bus/bus-message.c
b/src/libsystemd/sd-bus/bus-message.c
index fb894eff1fb492adfde28785fd63bbe028f42b15..b9d7f6dbfd2961fd1e83548b74d1717581413c85 100644
(file)
--- a/
src/libsystemd/sd-bus/bus-message.c
+++ b/
src/libsystemd/sd-bus/bus-message.c
@@
-617,7
+617,7
@@
static int message_new_reply(
t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
t->reply_cookie = BUS_MESSAGE_COOKIE(call);
t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
t->reply_cookie = BUS_MESSAGE_COOKIE(call);
- r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, t->reply_cookie);
+ r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL,
(uint32_t)
t->reply_cookie);
if (r < 0)
goto fail;
if (r < 0)
goto fail;
@@
-752,7
+752,7
@@
int bus_message_new_synthetic_error(
t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
t->reply_cookie = cookie;
t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
t->reply_cookie = cookie;
- r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL, t->reply_cookie);
+ r = message_append_field_uint32(t, BUS_MESSAGE_HEADER_REPLY_SERIAL,
(uint32_t)
t->reply_cookie);
if (r < 0)
goto fail;
if (r < 0)
goto fail;
@@
-4885,6
+4885,7
@@
int bus_message_parse_fields(sd_bus_message *m) {
size_t ri;
int r;
uint32_t unix_fds = 0;
size_t ri;
int r;
uint32_t unix_fds = 0;
+ bool unix_fds_set = false;
void *offsets = NULL;
unsigned n_offsets = 0;
size_t sz = 0;
void *offsets = NULL;
unsigned n_offsets = 0;
size_t sz = 0;
@@
-5075,24
+5076,29
@@
int bus_message_parse_fields(sd_bus_message *m) {
break;
}
break;
}
- case BUS_MESSAGE_HEADER_REPLY_SERIAL:
+ case BUS_MESSAGE_HEADER_REPLY_SERIAL: {
+ uint32_t serial;
+
if (m->reply_cookie != 0)
return -EBADMSG;
if (!streq(signature, "u"))
return -EBADMSG;
if (m->reply_cookie != 0)
return -EBADMSG;
if (!streq(signature, "u"))
return -EBADMSG;
- r = message_peek_field_uint32(m, &ri, item_size, &
m->reply_cookie
);
+ r = message_peek_field_uint32(m, &ri, item_size, &
serial
);
if (r < 0)
return r;
if (r < 0)
return r;
+ m->reply_cookie = serial;
+
if (m->reply_cookie == 0)
return -EBADMSG;
break;
if (m->reply_cookie == 0)
return -EBADMSG;
break;
+ }
case BUS_MESSAGE_HEADER_UNIX_FDS:
case BUS_MESSAGE_HEADER_UNIX_FDS:
- if (unix_fds
!= 0
)
+ if (unix_fds
_set
)
return -EBADMSG;
if (!streq(signature, "u"))
return -EBADMSG;
if (!streq(signature, "u"))
@@
-5102,9
+5108,7
@@
int bus_message_parse_fields(sd_bus_message *m) {
if (r < 0)
return -EBADMSG;
if (r < 0)
return -EBADMSG;
- if (unix_fds == 0)
- return -EBADMSG;
-
+ unix_fds_set = true;
break;
default:
break;
default:
@@
-5489,7
+5493,7
@@
int bus_message_remarshal(sd_bus *bus, sd_bus_message **m) {
return -ENOMEM;
n->reply_cookie = (*m)->reply_cookie;
return -ENOMEM;
n->reply_cookie = (*m)->reply_cookie;
- r = message_append_field_uint32(n, BUS_MESSAGE_HEADER_REPLY_SERIAL, n->reply_cookie);
+ r = message_append_field_uint32(n, BUS_MESSAGE_HEADER_REPLY_SERIAL,
(uint32_t)
n->reply_cookie);
if (r < 0)
return r;
if (r < 0)
return r;