teknoraver / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone

Blame SOURCES/0084-journal-remote-verify-entry-length-from-header.patch

36e8a3
From ad18012c46724aa097f37015a8036a4343206efe Mon Sep 17 00:00:00 2001
36e8a3
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
36e8a3
Date: Fri, 7 Dec 2018 12:47:14 +0100
36e8a3
Subject: [PATCH] journal-remote: verify entry length from header
36e8a3
MIME-Version: 1.0
36e8a3
Content-Type: text/plain; charset=UTF-8
36e8a3
Content-Transfer-Encoding: 8bit
36e8a3
36e8a3
Calling mhd_respond(), which ulimately calls MHD_queue_response() is
36e8a3
ineffective at point, becuase MHD_queue_response() immediately returns
36e8a3
MHD_NO signifying an error, because the connection is in state
36e8a3
MHD_CONNECTION_CONTINUE_SENT.
36e8a3
36e8a3
As Christian Grothoff kindly explained:
36e8a3
> You are likely calling MHD_queue_repsonse() too late: once you are
36e8a3
> receiving upload_data, HTTP forces you to process it all. At this time,
36e8a3
> MHD has already sent "100 continue" and cannot take it back (hence you
36e8a3
> get MHD_NO!).
36e8a3
>
36e8a3
> In your request handler, the first time when you are called for a
36e8a3
> connection (and when hence *upload_data_size == 0 and upload_data ==
36e8a3
> NULL) you must check the content-length header and react (with
36e8a3
> MHD_queue_response) based on this (to prevent MHD from automatically
36e8a3
> generating 100 continue).
36e8a3
36e8a3
If we ever encounter this kind of error, print a warning and immediately
36e8a3
abort the connection. (The alternative would be to keep reading the data,
36e8a3
but ignore it, and return an error after we get to the end of data.
36e8a3
That is possible, but of course puts additional load on both the
36e8a3
sender and reciever, and doesn't seem important enough just to return
36e8a3
a good error message.)
36e8a3
36e8a3
Note that sending of the error does not work (the connection is always aborted
36e8a3
when MHD_queue_response is used with MHD_RESPMEM_MUST_FREE, as in this case)
36e8a3
with libµhttpd 0.59, but works with 0.61:
36e8a3
https://src.fedoraproject.org/rpms/libmicrohttpd/pull-request/1
36e8a3
36e8a3
(cherry-picked from commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd)
36e8a3
36e8a3
Related: #1664977
36e8a3
---
36e8a3
 src/journal-remote/journal-remote-main.c | 34 +++++++++++++++++-------
36e8a3
 1 file changed, 24 insertions(+), 10 deletions(-)
36e8a3
36e8a3
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
4bff0a
index 8fda9d1499..e9b3702e8a 100644
36e8a3
--- a/src/journal-remote/journal-remote-main.c
36e8a3
+++ b/src/journal-remote/journal-remote-main.c
36e8a3
@@ -210,16 +210,14 @@ static int process_http_upload(
36e8a3
                                    journal_remote_server_global->seal);
36e8a3
                 if (r == -EAGAIN)
36e8a3
                         break;
36e8a3
-                else if (r < 0) {
36e8a3
-                        log_warning("Failed to process data for connection %p", connection);
36e8a3
+                if (r < 0) {
36e8a3
                         if (r == -E2BIG)
36e8a3
-                                return mhd_respondf(connection,
36e8a3
-                                                    r, MHD_HTTP_PAYLOAD_TOO_LARGE,
36e8a3
-                                                    "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes.");
36e8a3
+                                log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
36e8a3
+                                                  DATA_SIZE_MAX, connection);
36e8a3
                         else
36e8a3
-                                return mhd_respondf(connection,
36e8a3
-                                                    r, MHD_HTTP_UNPROCESSABLE_ENTITY,
36e8a3
-                                                    "Processing failed: %m.");
36e8a3
+                                log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
36e8a3
+                                                  connection);
36e8a3
+                        return MHD_NO;
36e8a3
                 }
36e8a3
         }
36e8a3
 
36e8a3
@@ -253,6 +251,7 @@ static int request_handler(
36e8a3
         const char *header;
36e8a3
         int r, code, fd;
36e8a3
         _cleanup_free_ char *hostname = NULL;
36e8a3
+        size_t len;
36e8a3
 
36e8a3
         assert(connection);
36e8a3
         assert(connection_cls);
36e8a3
@@ -272,12 +271,27 @@ static int request_handler(
36e8a3
         if (!streq(url, "/upload"))
36e8a3
                 return mhd_respond(connection, MHD_HTTP_NOT_FOUND, "Not found.");
36e8a3
 
36e8a3
-        header = MHD_lookup_connection_value(connection,
36e8a3
-                                             MHD_HEADER_KIND, "Content-Type");
36e8a3
+        header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Type");
36e8a3
         if (!header || !streq(header, "application/vnd.fdo.journal"))
36e8a3
                 return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
36e8a3
                                    "Content-Type: application/vnd.fdo.journal is required.");
36e8a3
 
36e8a3
+        header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Length");
36e8a3
+        if (!header)
36e8a3
+                return mhd_respond(connection, MHD_HTTP_LENGTH_REQUIRED,
36e8a3
+                                   "Content-Length header is required.");
36e8a3
+        r = safe_atozu(header, &len;;
36e8a3
+        if (r < 0)
36e8a3
+                return mhd_respondf(connection, r, MHD_HTTP_LENGTH_REQUIRED,
36e8a3
+                                    "Content-Length: %s cannot be parsed: %m", header);
36e8a3
+
36e8a3
+        if (len > ENTRY_SIZE_MAX)
36e8a3
+                /* When serialized, an entry of maximum size might be slightly larger,
36e8a3
+                 * so this does not correspond exactly to the limit in journald. Oh well.
36e8a3
+                 */
36e8a3
+                return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
36e8a3
+                                    "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
36e8a3
+
36e8a3
         {
36e8a3
                 const union MHD_ConnectionInfo *ci;
36e8a3