diff options
-rw-r--r-- | src/libsystemd-bus/bus-internal.h | 2 | ||||
-rw-r--r-- | src/libsystemd-bus/bus-message.c | 19 | ||||
-rw-r--r-- | src/libsystemd-bus/sd-bus.h | 1 |
3 files changed, 21 insertions, 1 deletions
diff --git a/src/libsystemd-bus/bus-internal.h b/src/libsystemd-bus/bus-internal.h index 3c2478e8fd..d0b7b5658d 100644 --- a/src/libsystemd-bus/bus-internal.h +++ b/src/libsystemd-bus/bus-internal.h @@ -118,6 +118,8 @@ static inline void bus_unrefp(sd_bus **b) { #define BUS_MESSAGE_SIZE_MAX (64*1024*1024) #define BUS_AUTH_SIZE_MAX (64*1024) +#define BUS_CONTAINER_DEPTH 128 + /* Defined by the specification as maximum size of an array in * bytes */ #define BUS_ARRAY_MAX_SIZE 67108864 diff --git a/src/libsystemd-bus/bus-message.c b/src/libsystemd-bus/bus-message.c index ec98de3132..74ea71ec0d 100644 --- a/src/libsystemd-bus/bus-message.c +++ b/src/libsystemd-bus/bus-message.c @@ -1741,6 +1741,25 @@ int sd_bus_message_enter_container(sd_bus_message *m, char type, const char *con if (!contents) return -EINVAL; + /* + * We enforce a global limit on container depth, that is much + * higher than the 32 structs and 32 arrays the specification + * mandates. This is simpler to implement for us, and we need + * this only to ensure our container array doesn't grow + * without bounds. We are happy to return any data from a + * message as long as the data itself is valid, even if the + * overall message might be not. + * + * Note that the message signature is validated when + * parsing the headers, and that validation does check the + * 32/32 limit. + * + * Note that the specification defines no limits on the depth + * of stacked variants, but we do. + */ + if (m->n_containers >= BUS_CONTAINER_DEPTH) + return -EBADMSG; + w = realloc(m->containers, sizeof(struct bus_container) * (m->n_containers + 1)); if (!w) return -ENOMEM; diff --git a/src/libsystemd-bus/sd-bus.h b/src/libsystemd-bus/sd-bus.h index adc7f8e2bd..8af1e85aae 100644 --- a/src/libsystemd-bus/sd-bus.h +++ b/src/libsystemd-bus/sd-bus.h @@ -32,7 +32,6 @@ * - make unix fd passing work * - add page donation logic * - api for appending/reading fixed arrays - * - always verify container depth * - merge busctl into systemctl or so? * - add object handlers * - implicitly add stub introspection calls |