c62b8e
From dec34b2c3b66f9ccf3977e3a45d3a8365ba92027 Mon Sep 17 00:00:00 2001
23b3cf
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
23b3cf
Date: Thu, 3 Jan 2019 16:28:30 +0100
23b3cf
Subject: [PATCH] journal-remote: set a limit on the number of fields in a
23b3cf
 message
23b3cf
23b3cf
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
23b3cf
reused for the new error condition (too many fields).
23b3cf
23b3cf
This matches the change done for systemd-journald, hence forming the second
23b3cf
part of the fix for CVE-2018-16865
23b3cf
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
23b3cf
23b3cf
Resolves: #1657792
23b3cf
---
23b3cf
 src/journal-remote/journal-remote-parse.c |  2 +-
23b3cf
 src/journal-remote/journal-remote-write.c |  3 +++
23b3cf
 src/journal-remote/journal-remote.c       | 14 ++++++++++++--
23b3cf
 3 files changed, 16 insertions(+), 3 deletions(-)
23b3cf
23b3cf
diff --git a/src/journal-remote/journal-remote-parse.c b/src/journal-remote/journal-remote-parse.c
c62b8e
index 64089da19b..53f4e36123 100644
23b3cf
--- a/src/journal-remote/journal-remote-parse.c
23b3cf
+++ b/src/journal-remote/journal-remote-parse.c
23b3cf
@@ -107,7 +107,7 @@ static int get_line(RemoteSource *source, char **line, size_t *size) {
23b3cf
                 source->scanned = source->filled;
23b3cf
                 if (source->scanned >= DATA_SIZE_MAX) {
23b3cf
                         log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX);
23b3cf
-                        return -E2BIG;
23b3cf
+                        return -ENOBUFS;
23b3cf
                 }
23b3cf
 
23b3cf
                 if (source->passive_fd)
23b3cf
diff --git a/src/journal-remote/journal-remote-write.c b/src/journal-remote/journal-remote-write.c
c62b8e
index 99820fa7b8..99920e62c5 100644
23b3cf
--- a/src/journal-remote/journal-remote-write.c
23b3cf
+++ b/src/journal-remote/journal-remote-write.c
23b3cf
@@ -22,6 +22,9 @@
23b3cf
 #include "journal-remote.h"
23b3cf
 
23b3cf
 int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
23b3cf
+        if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
23b3cf
+                return -E2BIG;
23b3cf
+
23b3cf
         if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
23b3cf
                 return log_oom();
23b3cf
 
23b3cf
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
c62b8e
index a455fb6bd8..e65daf6a0b 100644
23b3cf
--- a/src/journal-remote/journal-remote.c
23b3cf
+++ b/src/journal-remote/journal-remote.c
23b3cf
@@ -524,11 +524,18 @@ static int process_http_upload(
23b3cf
                         break;
23b3cf
                 else if (r < 0) {
23b3cf
                         log_warning("Failed to process data for connection %p", connection);
23b3cf
-                        if (r == -E2BIG)
23b3cf
+                        if (r == -ENOBUFS)
23b3cf
                                 return mhd_respondf(connection,
23b3cf
                                                     MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
23b3cf
                                                     "Entry is too large, maximum is %u bytes.\n",
23b3cf
                                                     DATA_SIZE_MAX);
23b3cf
+
23b3cf
+                        else if (r == -E2BIG)
23b3cf
+                                return mhd_respondf(connection,
23b3cf
+                                                    MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
23b3cf
+                                                    "Entry with more fields than the maximum of %u\n",
23b3cf
+                                                    ENTRY_FIELD_COUNT_MAX);
23b3cf
+
23b3cf
                         else
23b3cf
                                 return mhd_respondf(connection,
23b3cf
                                                     MHD_HTTP_UNPROCESSABLE_ENTITY,
23b3cf
@@ -1043,7 +1050,10 @@ static int handle_raw_source(sd_event_source *event,
23b3cf
                 log_debug("%zu active sources remaining", s->active);
23b3cf
                 return 0;
23b3cf
         } else if (r == -E2BIG) {
23b3cf
-                log_notice_errno(E2BIG, "Entry too big, skipped");
23b3cf
+                log_notice_errno(E2BIG, "Entry with too many fields, skipped");
23b3cf
+                return 1;
23b3cf
+        } else if (r == -ENOBUFS) {
23b3cf
+                log_notice_errno(ENOBUFS, "Entry too big, skipped");
23b3cf
                 return 1;
23b3cf
         } else if (r == -EAGAIN) {
23b3cf
                 return 0;