machined: add early checks for unrealistically large image/pool sizes

2 files changed, 6 insertions, 0 deletions

diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c
index 4ec1766033..19388b016a 100644
--- a/src/machine/image-dbus.c
+++ b/src/machine/image-dbus.c
@@ -23,6 +23,7 @@
 #include "bus-label.h"
 #include "bus-util.h"
 #include "image-dbus.h"
+#include "io-util.h"
 #include "machine-image.h"
 #include "strv.h"
 #include "user-util.h"
@@ -195,6 +196,8 @@ int bus_image_method_set_limit(
         r = sd_bus_message_read(message, "t", &limit);
         if (r < 0)
                 return r;
+        if (!FILE_SIZE_VALID_OR_INFINITY(limit))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
 
         r = bus_verify_polkit_async(
                         message,
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 521043f6a3..6cb70af3aa 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -34,6 +34,7 @@
 #include "formats-util.h"
 #include "hostname-util.h"
 #include "image-dbus.h"
+#include "io-util.h"
 #include "machine-dbus.h"
 #include "machine-image.h"
 #include "machine-pool.h"
@@ -813,6 +814,8 @@ static int method_set_pool_limit(sd_bus_message *message, void *userdata, sd_bus
         r = sd_bus_message_read(message, "t", &limit);
         if (r < 0)
                 return r;
+        if (!FILE_SIZE_VALID_OR_INFINITY(limit))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
 
         r = bus_verify_polkit_async(
                         message,