Blame - poky/meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch - openbmc/openbmc

blob: 57311faa604e275c15c224c065c8c7941d784184 [file] [log] [blame]

Brad Bishop	f8caae3	2019-03-25 13:13:56 -0400	[diff] [blame^]	1	Description: sd-bus: if we receive an invalid dbus message, ignore and
				2	proceeed
				3	.
				4	dbus-daemon might have a slightly different idea of what a valid msg is
				5	than us (for example regarding valid msg and field sizes). Let's hence
				6	try to proceed if we can and thus drop messages rather than fail the
				7	connection if we fail to validate a message.
				8	.
				9	Hopefully the differences in what is considered valid are not visible
				10	for real-life usecases, but are specific to exploit attempts only.
				11	Author: Lennart Poettering <lennart@poettering.net>
				12	Forwarded: other,https://github.com/systemd/systemd/pull/11708/
				13
				14	Patch from: systemd_239-7ubuntu10.8
				15
				16	For information see:
				17	https://usn.ubuntu.com/3891-1/
				18	https://git.launchpad.net/ubuntu/+source/systemd/commit/?id=f8e75d5634904c8e672658856508c3a02f349adb
				19
				20	CVE: CVE-2019-6454
				21	Upstream-Status: Backport
				22
				23	Signed-off-by: George McCollister <george.mccollister@gmail.com>
				24
				25	diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
				26	index 30d6455b6f..441b4a816f 100644
				27	--- a/src/libsystemd/sd-bus/bus-socket.c
				28	+++ b/src/libsystemd/sd-bus/bus-socket.c
				29	@@ -1072,7 +1072,7 @@ static int bus_socket_read_message_need(sd_bus bus, size_t need) {
				30	}
				31
				32	static int bus_socket_make_message(sd_bus *bus, size_t size) {
				33	- sd_bus_message *t;
				34	+ sd_bus_message *t = NULL;
				35	void *b;
				36	int r;
				37
				38	@@ -1097,7 +1097,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
				39	bus->fds, bus->n_fds,
				40	NULL,
				41	&t);
				42	- if (r < 0) {
				43	+ if (r == -EBADMSG)
				44	+ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
				45	+ else if (r < 0) {
				46	free(b);
				47	return r;
				48	}
				49	@@ -1108,7 +1110,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
				50	bus->fds = NULL;
				51	bus->n_fds = 0;
				52
				53	- bus->rqueue[bus->rqueue_size++] = t;
				54	+ if (t)
				55	+ bus->rqueue[bus->rqueue_size++] = t;
				56
				57	return 1;
				58	}
				59	--
				60	2.17.1
				61