Skip to content
Permalink
Browse files

sd-bus: if we receive an invalid dbus message, ignore and proceeed

dbus-daemon might have a slightly different idea of what a valid msg is
than us (for example regarding valid msg and field sizes). Let's hence
try to proceed if we can and thus drop messages rather than fail the
connection if we fail to validate a message.

Hopefully the differences in what is considered valid are not visible
for real-life usecases, but are specific to exploit attempts only.

(cherry picked from commit 6d586a1)
  • Loading branch information...
poettering authored and keszybz committed Feb 13, 2019
1 parent 2760b0d commit 8bca4621fc003a148c70248c55aa877dfe61fd3f
Showing with 6 additions and 3 deletions.
  1. +6 −3 src/libsystemd/sd-bus/bus-socket.c
@@ -1078,7 +1078,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
}

static int bus_socket_make_message(sd_bus *bus, size_t size) {
sd_bus_message *t;
sd_bus_message *t = NULL;
void *b;
int r;

@@ -1103,7 +1103,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
bus->fds, bus->n_fds,
NULL,
&t);
if (r < 0) {
if (r == -EBADMSG)
log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
else if (r < 0) {
free(b);
return r;
}
@@ -1114,7 +1116,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
bus->fds = NULL;
bus->n_fds = 0;

bus->rqueue[bus->rqueue_size++] = t;
if (t)
bus->rqueue[bus->rqueue_size++] = t;

return 1;
}

0 comments on commit 8bca462

Please sign in to comment.
You can’t perform that action at this time.