You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
84 lines
3.9 KiB
84 lines
3.9 KiB
5 years ago
|
From dec34b2c3b66f9ccf3977e3a45d3a8365ba92027 Mon Sep 17 00:00:00 2001
|
||
|
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||
|
|
Date: Thu, 3 Jan 2019 16:28:30 +0100
|
||
|
|
Subject: [PATCH] journal-remote: set a limit on the number of fields in a
|
||
|
|
message
|
||
|
|
|
||
|
|
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
|
||
|
|
reused for the new error condition (too many fields).
|
||
|
|
|
||
|
|
This matches the change done for systemd-journald, hence forming the second
|
||
|
|
part of the fix for CVE-2018-16865
|
||
|
|
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
|
||
|
|
|
||
|
|
Resolves: #1657792
|
||
|
|
---
|
||
|
|
src/journal-remote/journal-remote-parse.c | 2 +-
|
||
|
|
src/journal-remote/journal-remote-write.c | 3 +++
|
||
|
|
src/journal-remote/journal-remote.c | 14 ++++++++++++--
|
||
|
|
3 files changed, 16 insertions(+), 3 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/journal-remote/journal-remote-parse.c b/src/journal-remote/journal-remote-parse.c
|
||
|
|
index 64089da19b..53f4e36123 100644
|
||
|
|
--- a/src/journal-remote/journal-remote-parse.c
|
||
|
|
+++ b/src/journal-remote/journal-remote-parse.c
|
||
|
|
@@ -107,7 +107,7 @@ static int get_line(RemoteSource *source, char **line, size_t *size) {
|
||
|
|
source->scanned = source->filled;
|
||
|
|
if (source->scanned >= DATA_SIZE_MAX) {
|
||
|
|
log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX);
|
||
|
|
- return -E2BIG;
|
||
|
|
+ return -ENOBUFS;
|
||
|
|
}
|
||
|
|
|
||
|
|
if (source->passive_fd)
|
||
|
|
diff --git a/src/journal-remote/journal-remote-write.c b/src/journal-remote/journal-remote-write.c
|
||
|
|
index 99820fa7b8..99920e62c5 100644
|
||
|
|
--- a/src/journal-remote/journal-remote-write.c
|
||
|
|
+++ b/src/journal-remote/journal-remote-write.c
|
||
|
|
@@ -22,6 +22,9 @@
|
||
|
|
#include "journal-remote.h"
|
||
|
|
|
||
|
|
int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
|
||
|
|
+ if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
|
||
|
|
+ return -E2BIG;
|
||
|
|
+
|
||
|
|
if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
|
||
|
|
return log_oom();
|
||
|
|
|
||
|
|
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
|
||
|
|
index a455fb6bd8..e65daf6a0b 100644
|
||
|
|
--- a/src/journal-remote/journal-remote.c
|
||
|
|
+++ b/src/journal-remote/journal-remote.c
|
||
|
|
@@ -524,11 +524,18 @@ static int process_http_upload(
|
||
|
|
break;
|
||
|
|
else if (r < 0) {
|
||
|
|
log_warning("Failed to process data for connection %p", connection);
|
||
|
|
- if (r == -E2BIG)
|
||
|
|
+ if (r == -ENOBUFS)
|
||
|
|
return mhd_respondf(connection,
|
||
|
|
MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
|
||
|
|
"Entry is too large, maximum is %u bytes.\n",
|
||
|
|
DATA_SIZE_MAX);
|
||
|
|
+
|
||
|
|
+ else if (r == -E2BIG)
|
||
|
|
+ return mhd_respondf(connection,
|
||
|
|
+ MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
|
||
|
|
+ "Entry with more fields than the maximum of %u\n",
|
||
|
|
+ ENTRY_FIELD_COUNT_MAX);
|
||
|
|
+
|
||
|
|
else
|
||
|
|
return mhd_respondf(connection,
|
||
|
|
MHD_HTTP_UNPROCESSABLE_ENTITY,
|
||
|
|
@@ -1043,7 +1050,10 @@ static int handle_raw_source(sd_event_source *event,
|
||
|
|
log_debug("%zu active sources remaining", s->active);
|
||
|
|
return 0;
|
||
|
|
} else if (r == -E2BIG) {
|
||
|
|
- log_notice_errno(E2BIG, "Entry too big, skipped");
|
||
|
|
+ log_notice_errno(E2BIG, "Entry with too many fields, skipped");
|
||
|
|
+ return 1;
|
||
|
|
+ } else if (r == -ENOBUFS) {
|
||
|
|
+ log_notice_errno(ENOBUFS, "Entry too big, skipped");
|
||
|
|
return 1;
|
||
|
|
} else if (r == -EAGAIN) {
|
||
|
|
return 0;
|