X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flibsystemd-bus%2Fsd-bus.c;h=1dd234d61b8e625731da5cf8e4ae7c47775ce472;hp=ad840cc875c6e4bf87ab072435f8b620a58527b1;hb=25220239990c7859a65160d63277105d0c1de8a8;hpb=29f6aadd5302320d5a7a3868b607eb83687bdfd0

diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
index ad840cc87..1dd234d61 100644
--- a/src/libsystemd-bus/sd-bus.c
+++ b/src/libsystemd-bus/sd-bus.c
@@ -35,8 +35,6 @@
 #include "bus-message.h"
 #include "bus-type.h"
 
-#define WQUEUE_MAX 128
-
 static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
 
 static void bus_free(sd_bus *b) {
@@ -495,6 +493,13 @@ static int bus_read_auth(sd_bus *b) {
                 return r;
 
         n = MAX(3 + 32 + 2 + sizeof("AGREE_UNIX_FD") - 1 + 2, b->rbuffer_size * 2);
+
+        if (n > BUS_AUTH_SIZE_MAX)
+                n = BUS_AUTH_SIZE_MAX;
+
+        if (b->rbuffer_size >= n)
+                return -ENOBUFS;
+
         p = realloc(b->rbuffer, n);
         if (!p)
                 return -ENOMEM;
@@ -845,6 +850,7 @@ static int message_write(sd_bus *bus, sd_bus_message *m, size_t *idx) {
 static int message_read_need(sd_bus *bus, size_t *need) {
         uint32_t a, b;
         uint8_t e;
+        uint64_t sum;
 
         assert(bus);
         assert(need);
@@ -885,7 +891,11 @@ static int message_read_need(sd_bus *bus, size_t *need) {
         } else
                 return -EBADMSG;
 
-        *need = sizeof(struct bus_header) + ALIGN_TO(b, 8) + a;
+        sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
+        if (sum >= BUS_MESSAGE_SIZE_MAX)
+                return -ENOBUFS;
+
+        *need = (size_t) sum;
         return 0;
 }
 
@@ -1093,7 +1103,7 @@ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
 
                 /* Just append it to the queue. */
 
-                if (bus->wqueue_size >= WQUEUE_MAX)
+                if (bus->wqueue_size >= BUS_WQUEUE_MAX)
                         return -ENOBUFS;
 
                 q = realloc(bus->wqueue, sizeof(sd_bus_message*) * (bus->wqueue_size + 1));
@@ -1300,6 +1310,9 @@ int sd_bus_send_with_reply_and_block(
                 if (!room) {
                         sd_bus_message **q;
 
+                        if (bus->rqueue_size >= BUS_RQUEUE_MAX)
+                                return -ENOBUFS;
+
                         /* Make sure there's room for queuing this
                          * locally, before we read the message */