bus: only accept gvariant native endian messages via kdbus

2013-12-10 01:07:09 +01:00 · 2013-12-10 01:07:09 +01:00 · e1d337d462
parent d36b703136
commit e1d337d462
2 changed files with 23 additions and 2 deletions
--- a/src/libsystemd-bus/bus-kernel.c
+++ b/src/libsystemd-bus/bus-kernel.c
@ -362,6 +362,7 @@ int bus_kernel_take_fd(sd_bus *b) {
        b->is_kernel = true;
        b->bus_client = true;
        b->can_fds = !!(hello.conn_flags & KDBUS_HELLO_ACCEPT_FD);
+        b->message_version = 2;

        /* the kernel told us the UUID of the underlying bus */
        memcpy(b->server_id.bytes, hello.id128, sizeof(b->server_id.bytes));
@ -676,6 +677,12 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
        if (n_bytes != total)
                return -EBADMSG;

+        /* on kdbus we only speak native endian gvariant, never dbus1
+         * marshalling or reverse endian */
+        if (h->version != 2 ||
+            h->endian != BUS_NATIVE_ENDIAN)
+                return -EPROTOTYPE;
+
        r = bus_message_from_header(bus, h, sizeof(struct bus_header), fds, n_fds, NULL, seclabel, 0, &m);
        if (r < 0)
                return r;
@ -885,9 +892,16 @@ int bus_kernel_read_message(sd_bus *bus) {
        }
        k = (struct kdbus_msg *)((uint8_t *)bus->kdbus_buffer + off);

-        if (k->payload_type == KDBUS_PAYLOAD_DBUS)
+        if (k->payload_type == KDBUS_PAYLOAD_DBUS) {
                r = bus_kernel_make_message(bus, k);
-        else if (k->payload_type == KDBUS_PAYLOAD_KERNEL)
+
+                /* Anybody can send us invalid messages, let's just drop them. */
+                if (r == -EBADMSG || r == -EPROTOTYPE) {
+                        log_error("Ignoring invalid message: %s", strerror(-r));
+                        r = 0;
+                }
+
+        } else if (k->payload_type == KDBUS_PAYLOAD_KERNEL)
                r = bus_kernel_translate_message(bus, k);
        else
                r = 0;
--- a/src/libsystemd-bus/bus-socket.c
+++ b/src/libsystemd-bus/bus-socket.c
@ -623,6 +623,9 @@ int bus_socket_setup(sd_bus *b) {
        if (getsockopt(b->input_fd, SOL_SOCKET, SO_PEERCRED, &b->ucred, &l) >= 0 && l >= sizeof(b->ucred))
                b->ucred_valid = b->ucred.pid > 0;

+        b->is_kernel = false;
+        b->message_version = 1;
+
        return 0;
 }

@ -765,6 +768,10 @@ int bus_socket_exec(sd_bus *b) {
        close_nointr_nofail(s[1]);
        b->output_fd = b->input_fd = s[0];

+        r = bus_socket_setup(b);
+        if (r < 0)
+                return r;
+
        return bus_socket_start_auth(b);
 }