journald: set a limit on the number of fields (1k)

We allocate a iovec entry for each field, so with many short entries, our memory usage and processing time can be large, even with a relatively small message size. Let's refuse overly long entries. CVE-2018-16865 https://bugzilla.redhat.com/show_bug.cgi?id=1653861 What from I can see, the problem is not from an alloca, despite what the CVE description says, but from the attack multiplication that comes from creating many very small iovecs: (void* + size_t) for each three bytes of input message.
NixOS · Jan 9, 2019 · 052c57f · 052c57f
1 parent f0136e0
commit 052c57f
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
@@ -141,6 +141,11 @@ static int server_process_entry(
                 }
 
                 /* A property follows */
+                if (n > ENTRY_FIELD_COUNT_MAX) {
+                        log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry.");
+                        r = 1;
+                        goto finish;
+                }
 
                 /* n existing properties, 1 new, +1 for _TRANSPORT */
                 if (!GREEDY_REALLOC(iovec, m,

diff --git a/src/shared/journal-importer.h b/src/shared/journal-importer.h
@@ -21,6 +21,9 @@
 #endif
 #define LINE_CHUNK 8*1024u
 
+/* The maximum number of fields in an entry */
+#define ENTRY_FIELD_COUNT_MAX 1024
+
 struct iovec_wrapper {
         struct iovec *iovec;
         size_t size_bytes;