|
|
563e3e |
From 4573166e9384f4ffe17a87f7b41aacc4cfe8bad0 Mon Sep 17 00:00:00 2001
|
|
|
563e3e |
From: Lennart Poettering <lennart@poettering.net>
|
|
|
563e3e |
Date: Wed, 13 Feb 2019 16:51:22 +0100
|
|
|
563e3e |
Subject: [PATCH] sd-bus: if we receive an invalid dbus message, ignore and
|
|
|
563e3e |
proceeed
|
|
|
563e3e |
|
|
|
563e3e |
dbus-daemon might have a slightly different idea of what a valid msg is
|
|
|
563e3e |
than us (for example regarding valid msg and field sizes). Let's hence
|
|
|
563e3e |
try to proceed if we can and thus drop messages rather than fail the
|
|
|
563e3e |
connection if we fail to validate a message.
|
|
|
563e3e |
|
|
|
563e3e |
Hopefully the differences in what is considered valid are not visible
|
|
|
563e3e |
for real-life usecases, but are specific to exploit attempts only.
|
|
|
563e3e |
|
|
|
563e3e |
(cherry-picked from commit 6d586a13717ae057aa1b4127400c3de61cd5b9e7)
|
|
|
563e3e |
|
|
|
563e3e |
Related: #1678641
|
|
|
563e3e |
---
|
|
|
563e3e |
src/libsystemd/sd-bus/bus-socket.c | 9 ++++++---
|
|
|
563e3e |
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
563e3e |
|
|
|
563e3e |
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
|
|
|
563e3e |
index a5513d1ab..17cfa8e1f 100644
|
|
|
563e3e |
--- a/src/libsystemd/sd-bus/bus-socket.c
|
|
|
563e3e |
+++ b/src/libsystemd/sd-bus/bus-socket.c
|
|
|
563e3e |
@@ -1078,7 +1078,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
|
|
|
563e3e |
}
|
|
|
563e3e |
|
|
|
563e3e |
static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
|
563e3e |
- sd_bus_message *t;
|
|
|
563e3e |
+ sd_bus_message *t = NULL;
|
|
|
563e3e |
void *b;
|
|
|
563e3e |
int r;
|
|
|
563e3e |
|
|
|
563e3e |
@@ -1103,7 +1103,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
|
563e3e |
bus->fds, bus->n_fds,
|
|
|
563e3e |
NULL,
|
|
|
563e3e |
&t);
|
|
|
563e3e |
- if (r < 0) {
|
|
|
563e3e |
+ if (r == -EBADMSG)
|
|
|
563e3e |
+ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
|
|
|
563e3e |
+ else if (r < 0) {
|
|
|
563e3e |
free(b);
|
|
|
563e3e |
return r;
|
|
|
563e3e |
}
|
|
|
563e3e |
@@ -1114,7 +1116,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
|
563e3e |
bus->fds = NULL;
|
|
|
563e3e |
bus->n_fds = 0;
|
|
|
563e3e |
|
|
|
563e3e |
- bus->rqueue[bus->rqueue_size++] = t;
|
|
|
563e3e |
+ if (t)
|
|
|
563e3e |
+ bus->rqueue[bus->rqueue_size++] = t;
|
|
|
563e3e |
|
|
|
563e3e |
return 1;
|
|
|
563e3e |
}
|