|
 |
a3e2b5 |
From fde3fa3e9c0330c7de645ce2140f9dd39640a693 Mon Sep 17 00:00:00 2001
|
|
|
a3e2b5 |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
|
a3e2b5 |
Date: Fri, 7 Dec 2018 10:48:10 +0100
|
|
|
a3e2b5 |
Subject: [PATCH] journal-remote: set a limit on the number of fields in a
|
|
|
a3e2b5 |
message
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
|
|
|
a3e2b5 |
reused for the new error condition (too many fields).
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
This matches the change done for systemd-journald, hence forming the second
|
|
|
a3e2b5 |
part of the fix for CVE-2018-16865
|
|
|
a3e2b5 |
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
(cherry-picked from commit ef4d6abe7c7fab6cbff975b32e76b09feee56074)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
Resolves: #1664977
|
|
|
a3e2b5 |
---
|
|
|
a3e2b5 |
src/journal-remote/journal-remote-main.c | 7 +++++--
|
|
|
a3e2b5 |
src/journal-remote/journal-remote.c | 5 ++++-
|
|
|
a3e2b5 |
2 files changed, 9 insertions(+), 3 deletions(-)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
|
|
|
a3e2b5 |
index e9b3702e8a..5b0bbba310 100644
|
|
|
a3e2b5 |
--- a/src/journal-remote/journal-remote-main.c
|
|
|
a3e2b5 |
+++ b/src/journal-remote/journal-remote-main.c
|
|
|
a3e2b5 |
@@ -211,9 +211,12 @@ static int process_http_upload(
|
|
|
a3e2b5 |
if (r == -EAGAIN)
|
|
|
a3e2b5 |
break;
|
|
|
a3e2b5 |
if (r < 0) {
|
|
|
a3e2b5 |
- if (r == -E2BIG)
|
|
|
a3e2b5 |
- log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
|
|
|
a3e2b5 |
+ if (r == -ENOBUFS)
|
|
|
a3e2b5 |
+ log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.",
|
|
|
a3e2b5 |
DATA_SIZE_MAX, connection);
|
|
|
a3e2b5 |
+ else if (r == -E2BIG)
|
|
|
a3e2b5 |
+ log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.",
|
|
|
a3e2b5 |
+ ENTRY_FIELD_COUNT_MAX, connection);
|
|
|
a3e2b5 |
else
|
|
|
a3e2b5 |
log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
|
|
|
a3e2b5 |
connection);
|
|
|
a3e2b5 |
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
|
|
|
a3e2b5 |
index beb75a1cb4..67e3a70c06 100644
|
|
|
a3e2b5 |
--- a/src/journal-remote/journal-remote.c
|
|
|
a3e2b5 |
+++ b/src/journal-remote/journal-remote.c
|
|
|
a3e2b5 |
@@ -408,7 +408,10 @@ int journal_remote_handle_raw_source(
|
|
|
a3e2b5 |
log_debug("%zu active sources remaining", s->active);
|
|
|
a3e2b5 |
return 0;
|
|
|
a3e2b5 |
} else if (r == -E2BIG) {
|
|
|
a3e2b5 |
- log_notice_errno(E2BIG, "Entry too big, skipped");
|
|
|
a3e2b5 |
+ log_notice("Entry with too many fields, skipped");
|
|
|
a3e2b5 |
+ return 1;
|
|
|
a3e2b5 |
+ } else if (r == -ENOBUFS) {
|
|
|
a3e2b5 |
+ log_notice("Entry too big, skipped");
|
|
|
a3e2b5 |
return 1;
|
|
|
a3e2b5 |
} else if (r == -EAGAIN) {
|
|
|
a3e2b5 |
return 0;
|