|
 |
a3e2b5 |
From f2f784ac5e4b7d0e20eadf97049eaec8c685e5fe Mon Sep 17 00:00:00 2001
|
|
|
a3e2b5 |
From: Lennart Poettering <lennart@poettering.net>
|
|
|
a3e2b5 |
Date: Wed, 13 Feb 2019 16:51:22 +0100
|
|
|
a3e2b5 |
Subject: [PATCH] sd-bus: if we receive an invalid dbus message, ignore and
|
|
|
a3e2b5 |
proceeed
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
dbus-daemon might have a slightly different idea of what a valid msg is
|
|
|
a3e2b5 |
than us (for example regarding valid msg and field sizes). Let's hence
|
|
|
a3e2b5 |
try to proceed if we can and thus drop messages rather than fail the
|
|
|
a3e2b5 |
connection if we fail to validate a message.
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
Hopefully the differences in what is considered valid are not visible
|
|
|
a3e2b5 |
for real-life usecases, but are specific to exploit attempts only.
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
(cherry-picked from commit 6d586a13717ae057aa1b4127400c3de61cd5b9e7)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
Related: #1678641
|
|
|
a3e2b5 |
---
|
|
|
a3e2b5 |
src/libsystemd/sd-bus/bus-socket.c | 9 ++++++---
|
|
|
a3e2b5 |
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
|
|
|
a3e2b5 |
index a5513d1ab5..17cfa8e1fd 100644
|
|
|
a3e2b5 |
--- a/src/libsystemd/sd-bus/bus-socket.c
|
|
|
a3e2b5 |
+++ b/src/libsystemd/sd-bus/bus-socket.c
|
|
|
a3e2b5 |
@@ -1078,7 +1078,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
|
|
|
a3e2b5 |
}
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
|
a3e2b5 |
- sd_bus_message *t;
|
|
|
a3e2b5 |
+ sd_bus_message *t = NULL;
|
|
|
a3e2b5 |
void *b;
|
|
|
a3e2b5 |
int r;
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
@@ -1103,7 +1103,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
|
a3e2b5 |
bus->fds, bus->n_fds,
|
|
|
a3e2b5 |
NULL,
|
|
|
a3e2b5 |
&t);
|
|
|
a3e2b5 |
- if (r < 0) {
|
|
|
a3e2b5 |
+ if (r == -EBADMSG)
|
|
|
a3e2b5 |
+ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
|
|
|
a3e2b5 |
+ else if (r < 0) {
|
|
|
a3e2b5 |
free(b);
|
|
|
a3e2b5 |
return r;
|
|
|
a3e2b5 |
}
|
|
|
a3e2b5 |
@@ -1114,7 +1116,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|
|
a3e2b5 |
bus->fds = NULL;
|
|
|
a3e2b5 |
bus->n_fds = 0;
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
- bus->rqueue[bus->rqueue_size++] = t;
|
|
|
a3e2b5 |
+ if (t)
|
|
|
a3e2b5 |
+ bus->rqueue[bus->rqueue_size++] = t;
|
|
|
a3e2b5 |
|
|
|
a3e2b5 |
return 1;
|
|
|
a3e2b5 |
}
|