bus: enforce limits on all client influenced data objects
This commit is contained in:
parent
29f6aadd53
commit
2522023999
|
@ -110,3 +110,9 @@ static inline void bus_unrefp(sd_bus **b) {
|
||||||
#define _cleanup_bus_unref_ __attribute__((cleanup(bus_unrefp)))
|
#define _cleanup_bus_unref_ __attribute__((cleanup(bus_unrefp)))
|
||||||
|
|
||||||
#define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
|
#define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
|
||||||
|
|
||||||
|
#define BUS_WQUEUE_MAX 128
|
||||||
|
#define BUS_RQUEUE_MAX 128
|
||||||
|
|
||||||
|
#define BUS_MESSAGE_SIZE_MAX (64*1024*1024)
|
||||||
|
#define BUS_AUTH_SIZE_MAX (64*1024)
|
||||||
|
|
|
@ -35,8 +35,6 @@
|
||||||
#include "bus-message.h"
|
#include "bus-message.h"
|
||||||
#include "bus-type.h"
|
#include "bus-type.h"
|
||||||
|
|
||||||
#define WQUEUE_MAX 128
|
|
||||||
|
|
||||||
static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
|
static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
|
||||||
|
|
||||||
static void bus_free(sd_bus *b) {
|
static void bus_free(sd_bus *b) {
|
||||||
|
@ -495,6 +493,13 @@ static int bus_read_auth(sd_bus *b) {
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
n = MAX(3 + 32 + 2 + sizeof("AGREE_UNIX_FD") - 1 + 2, b->rbuffer_size * 2);
|
n = MAX(3 + 32 + 2 + sizeof("AGREE_UNIX_FD") - 1 + 2, b->rbuffer_size * 2);
|
||||||
|
|
||||||
|
if (n > BUS_AUTH_SIZE_MAX)
|
||||||
|
n = BUS_AUTH_SIZE_MAX;
|
||||||
|
|
||||||
|
if (b->rbuffer_size >= n)
|
||||||
|
return -ENOBUFS;
|
||||||
|
|
||||||
p = realloc(b->rbuffer, n);
|
p = realloc(b->rbuffer, n);
|
||||||
if (!p)
|
if (!p)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
@ -845,6 +850,7 @@ static int message_write(sd_bus *bus, sd_bus_message *m, size_t *idx) {
|
||||||
static int message_read_need(sd_bus *bus, size_t *need) {
|
static int message_read_need(sd_bus *bus, size_t *need) {
|
||||||
uint32_t a, b;
|
uint32_t a, b;
|
||||||
uint8_t e;
|
uint8_t e;
|
||||||
|
uint64_t sum;
|
||||||
|
|
||||||
assert(bus);
|
assert(bus);
|
||||||
assert(need);
|
assert(need);
|
||||||
|
@ -885,7 +891,11 @@ static int message_read_need(sd_bus *bus, size_t *need) {
|
||||||
} else
|
} else
|
||||||
return -EBADMSG;
|
return -EBADMSG;
|
||||||
|
|
||||||
*need = sizeof(struct bus_header) + ALIGN_TO(b, 8) + a;
|
sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
|
||||||
|
if (sum >= BUS_MESSAGE_SIZE_MAX)
|
||||||
|
return -ENOBUFS;
|
||||||
|
|
||||||
|
*need = (size_t) sum;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1093,7 +1103,7 @@ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
|
||||||
|
|
||||||
/* Just append it to the queue. */
|
/* Just append it to the queue. */
|
||||||
|
|
||||||
if (bus->wqueue_size >= WQUEUE_MAX)
|
if (bus->wqueue_size >= BUS_WQUEUE_MAX)
|
||||||
return -ENOBUFS;
|
return -ENOBUFS;
|
||||||
|
|
||||||
q = realloc(bus->wqueue, sizeof(sd_bus_message*) * (bus->wqueue_size + 1));
|
q = realloc(bus->wqueue, sizeof(sd_bus_message*) * (bus->wqueue_size + 1));
|
||||||
|
@ -1300,6 +1310,9 @@ int sd_bus_send_with_reply_and_block(
|
||||||
if (!room) {
|
if (!room) {
|
||||||
sd_bus_message **q;
|
sd_bus_message **q;
|
||||||
|
|
||||||
|
if (bus->rqueue_size >= BUS_RQUEUE_MAX)
|
||||||
|
return -ENOBUFS;
|
||||||
|
|
||||||
/* Make sure there's room for queuing this
|
/* Make sure there's room for queuing this
|
||||||
* locally, before we read the message */
|
* locally, before we read the message */
|
||||||
|
|
||||||
|
|
|
@ -38,8 +38,6 @@
|
||||||
* - add object handlers
|
* - add object handlers
|
||||||
* - add peer message handlers
|
* - add peer message handlers
|
||||||
* - verify object paths
|
* - verify object paths
|
||||||
* - when reading a message, verify its size
|
|
||||||
* - add limits to wqueue and rqueue alike
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
typedef struct sd_bus sd_bus;
|
typedef struct sd_bus sd_bus;
|
||||||
|
|
Loading…
Reference in a new issue