-
-
Notifications
You must be signed in to change notification settings - Fork 12.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kinit: Increase environment size limit
start_kdeinit reads its environment over a pipe from start_kdeinit_wrapper. For security, each environment entry must be smaller than 4kb by default. Qt-based applications in Nixpkgs may have larger environments, and the recent upgrade to Plasma 5.17 pushed start_kdeinit_wrapper over the limit. The limit is now extended to 16kb. This problem was not detected during testing because the failure is silent: start_kdeinit will continue with an empty environment. In other circumstances, this strategy might work, but it does not work on NixOS. This failure is now treated as a fatal error. Fixes: #79707 (cherry picked from commit c758609)
- Loading branch information
Showing
6 changed files
with
96 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
pkgs/development/libraries/kde-frameworks/kinit/0002-start_kdeinit-path.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
From 129cd0ae1e983adc10dbe84e87bcc6f31cb13db8 Mon Sep 17 00:00:00 2001 | ||
From: Thomas Tuegel <ttuegel@mailbox.org> | ||
Date: Sun, 16 Feb 2020 14:23:44 -0600 | ||
Subject: [PATCH 2/4] start_kdeinit-path | ||
|
||
--- | ||
src/start_kdeinit/start_kdeinit_wrapper.c | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/src/start_kdeinit/start_kdeinit_wrapper.c b/src/start_kdeinit/start_kdeinit_wrapper.c | ||
index 891f50c..ef664ad 100644 | ||
--- a/src/start_kdeinit/start_kdeinit_wrapper.c | ||
+++ b/src/start_kdeinit/start_kdeinit_wrapper.c | ||
@@ -23,7 +23,7 @@ | ||
#include <string.h> | ||
#include <unistd.h> | ||
|
||
-#define EXECUTE CMAKE_INSTALL_FULL_LIBEXECDIR_KF5 "/start_kdeinit" | ||
+#define EXECUTE "/run/wrappers/bin/start_kdeinit" | ||
|
||
#if KDEINIT_OOM_PROTECT | ||
|
||
-- | ||
2.23.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
pkgs/development/libraries/kde-frameworks/kinit/0004-start_kdeinit-environ-hard-limit.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
From 41e94983dcfbc1667f1b18c5b566aa5c5975edcb Mon Sep 17 00:00:00 2001 | ||
From: Thomas Tuegel <ttuegel@mailbox.org> | ||
Date: Mon, 17 Feb 2020 04:45:03 -0600 | ||
Subject: [PATCH 4/4] start_kdeinit-environ-hard-limit | ||
|
||
--- | ||
src/start_kdeinit/start_kdeinit.c | 6 +++++- | ||
1 file changed, 5 insertions(+), 1 deletion(-) | ||
|
||
diff --git a/src/start_kdeinit/start_kdeinit.c b/src/start_kdeinit/start_kdeinit.c | ||
index f2db3e9..4ff2602 100644 | ||
--- a/src/start_kdeinit/start_kdeinit.c | ||
+++ b/src/start_kdeinit/start_kdeinit.c | ||
@@ -148,7 +148,11 @@ int main(int argc, char **argv) | ||
++i) { | ||
unsigned len; | ||
if (read(0, &len, sizeof(unsigned)) == sizeof(unsigned) | ||
- && len && len < (1 << 12)) { | ||
+ && len) { | ||
+ if (len >= (1 << 14)) { | ||
+ fprintf(stderr, "%s: exceeded environment length limit", argv[0]); | ||
+ return 1; | ||
+ } | ||
env[ i ] = malloc(len + 1); | ||
if ((unsigned) read(0, env[ i ], len) == len) { | ||
env[ i ][ len ] = '\0'; | ||
-- | ||
2.23.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 0 additions & 13 deletions
13
pkgs/development/libraries/kde-frameworks/kinit/start_kdeinit-path.patch
This file was deleted.
Oops, something went wrong.