You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 lines
2.0 KiB
56 lines
2.0 KiB
From f2f784ac5e4b7d0e20eadf97049eaec8c685e5fe Mon Sep 17 00:00:00 2001
|
|
From: Lennart Poettering <lennart@poettering.net>
|
|
Date: Wed, 13 Feb 2019 16:51:22 +0100
|
|
Subject: [PATCH] sd-bus: if we receive an invalid dbus message, ignore and
|
|
proceeed
|
|
|
|
dbus-daemon might have a slightly different idea of what a valid msg is
|
|
than us (for example regarding valid msg and field sizes). Let's hence
|
|
try to proceed if we can and thus drop messages rather than fail the
|
|
connection if we fail to validate a message.
|
|
|
|
Hopefully the differences in what is considered valid are not visible
|
|
for real-life usecases, but are specific to exploit attempts only.
|
|
|
|
(cherry-picked from commit 6d586a13717ae057aa1b4127400c3de61cd5b9e7)
|
|
|
|
Related: #1678641
|
|
---
|
|
src/libsystemd/sd-bus/bus-socket.c | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
|
|
index a5513d1ab5..17cfa8e1fd 100644
|
|
--- a/src/libsystemd/sd-bus/bus-socket.c
|
|
+++ b/src/libsystemd/sd-bus/bus-socket.c
|
|
@@ -1078,7 +1078,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
|
|
}
|
|
|
|
static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
- sd_bus_message *t;
|
|
+ sd_bus_message *t = NULL;
|
|
void *b;
|
|
int r;
|
|
|
|
@@ -1103,7 +1103,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
bus->fds, bus->n_fds,
|
|
NULL,
|
|
&t);
|
|
- if (r < 0) {
|
|
+ if (r == -EBADMSG)
|
|
+ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
|
|
+ else if (r < 0) {
|
|
free(b);
|
|
return r;
|
|
}
|
|
@@ -1114,7 +1116,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
bus->fds = NULL;
|
|
bus->n_fds = 0;
|
|
|
|
- bus->rqueue[bus->rqueue_size++] = t;
|
|
+ if (t)
|
|
+ bus->rqueue[bus->rqueue_size++] = t;
|
|
|
|
return 1;
|
|
}
|