aboutsummaryrefslogtreecommitdiff
path: root/package/systemd/0018-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch
blob: 2de3b71b5cecdb51183164fe303970fa62a23cc6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
From febef5e18558c114f4fb7c94f6c8ed3520c50cdf Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <rschiron@redhat.com>
Date: Mon, 4 Feb 2019 14:29:09 +0100
Subject: [PATCH] Refuse dbus message paths longer than BUS_PATH_SIZE_MAX
 limit.

Even though the dbus specification does not enforce any length limit on the
path of a dbus message, having to analyze too long strings in PID1 may be
time-consuming and it may have security impacts.

In any case, the limit is set so high that real-life applications should not
have a problem with it.

(cherry picked from commit 61397a60d98e368a5720b37e83f3169e3eb511c4)
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 61397a60d98

 src/libsystemd/sd-bus/bus-internal.c | 2 +-
 src/libsystemd/sd-bus/bus-internal.h | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c
index 40acae213381..598b7f110c73 100644
--- a/src/libsystemd/sd-bus/bus-internal.c
+++ b/src/libsystemd/sd-bus/bus-internal.c
@@ -43,7 +43,7 @@ bool object_path_is_valid(const char *p) {
         if (slash)
                 return false;
 
-        return true;
+        return (q - p) <= BUS_PATH_SIZE_MAX;
 }
 
 char* object_path_startswith(const char *a, const char *b) {
diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
index f208b294d8f1..a8d61bf72a4e 100644
--- a/src/libsystemd/sd-bus/bus-internal.h
+++ b/src/libsystemd/sd-bus/bus-internal.h
@@ -332,6 +332,10 @@ struct sd_bus {
 
 #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
 #define BUS_AUTH_SIZE_MAX (64*1024)
+/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
+ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
+ * to not clash unnecessarily with real-life applications. */
+#define BUS_PATH_SIZE_MAX (64*1024)
 
 #define BUS_CONTAINER_DEPTH 128
 
-- 
2.20.1