From ac9c51b72213bcea3dc9cea330d4c5fce9c4470e Mon Sep 17 00:00:00 2001

From: Riccardo Schirone <rschiron@redhat.com>

Date: Mon, 4 Feb 2019 14:29:09 +0100

Subject: [PATCH] Refuse dbus message paths longer than BUS_PATH_SIZE_MAX

 limit.

Even though the dbus specification does not enforce any length limit on the

path of a dbus message, having to analyze too long strings in PID1 may be

time-consuming and it may have security impacts.

In any case, the limit is set so high that real-life applications should not

have a problem with it.

(cherry-picked from commit 61397a60d98e368a5720b37e83f3169e3eb511c4)

Related: #1678641

---

 src/libsystemd/sd-bus/bus-internal.c | 2 +-

 src/libsystemd/sd-bus/bus-internal.h | 4 ++++

 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c

index 7bb653338d..35e0b668ee 100644

--- a/src/libsystemd/sd-bus/bus-internal.c

+++ b/src/libsystemd/sd-bus/bus-internal.c

@@ -45,7 +45,7 @@ bool object_path_is_valid(const char *p) {

         if (slash)

                 return false;

-        return true;

+        return (q - p) <= BUS_PATH_SIZE_MAX;

 }

 char* object_path_startswith(const char *a, const char *b) {

diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h

index 2087ef8eeb..90e6028983 100644

--- a/src/libsystemd/sd-bus/bus-internal.h

+++ b/src/libsystemd/sd-bus/bus-internal.h

@@ -333,6 +333,10 @@ struct sd_bus {

 #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)

 #define BUS_AUTH_SIZE_MAX (64*1024)

+/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one

+ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,

+ * to not clash unnecessarily with real-life applications. */

+#define BUS_PATH_SIZE_MAX (64*1024)

 #define BUS_CONTAINER_DEPTH 128