diff options
Diffstat (limited to 'meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch b/meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch new file mode 100644 index 0000000000..f297333e72 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | From ce1475b4f69f0a4382c6190f55e080d91de84611 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> | ||
3 | Date: Fri, 7 Dec 2018 10:48:10 +0100 | ||
4 | Subject: [PATCH] journal-remote: set a limit on the number of fields in a | ||
5 | message | ||
6 | |||
7 | Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is | ||
8 | reused for the new error condition (too many fields). | ||
9 | |||
10 | This matches the change done for systemd-journald, hence forming the second | ||
11 | part of the fix for CVE-2018-16865 | ||
12 | (https://bugzilla.redhat.com/show_bug.cgi?id=1653861). | ||
13 | |||
14 | Patch backported from systemd master at | ||
15 | ef4d6abe7c7fab6cbff975b32e76b09feee56074. | ||
16 | |||
17 | Patch for 237 from: | ||
18 | systemd_237-3ubuntu10.13.debian CVE-2018-16865_2.patch | ||
19 | |||
20 | CVE: CVE-2018-16865 | ||
21 | Upstream-Status: Backport | ||
22 | |||
23 | --- | ||
24 | src/journal-remote/journal-remote-main.c | 7 +++++-- | ||
25 | src/journal-remote/journal-remote.c | 3 +++ | ||
26 | src/shared/journal-importer.c | 5 ++++- | ||
27 | 3 files changed, 12 insertions(+), 3 deletions(-) | ||
28 | |||
29 | --- a/src/basic/journal-importer.c | ||
30 | +++ b/src/basic/journal-importer.c | ||
31 | @@ -38,6 +38,9 @@ | ||
32 | }; | ||
33 | |||
34 | static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) { | ||
35 | + if (iovw->count >= ENTRY_FIELD_COUNT_MAX) | ||
36 | + return -E2BIG; | ||
37 | + | ||
38 | if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1)) | ||
39 | return log_oom(); | ||
40 | |||
41 | @@ -113,7 +116,7 @@ | ||
42 | imp->scanned = imp->filled; | ||
43 | if (imp->scanned >= DATA_SIZE_MAX) { | ||
44 | log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX); | ||
45 | - return -E2BIG; | ||
46 | + return -ENOBUFS; | ||
47 | } | ||
48 | |||
49 | if (imp->passive_fd) | ||
50 | --- a/src/journal-remote/journal-remote.c | ||
51 | +++ b/src/journal-remote/journal-remote.c | ||
52 | @@ -517,10 +517,16 @@ | ||
53 | break; | ||
54 | else if (r < 0) { | ||
55 | log_warning("Failed to process data for connection %p", connection); | ||
56 | - if (r == -E2BIG) | ||
57 | + if (r == -ENOBUFS) | ||
58 | return mhd_respondf(connection, | ||
59 | r, MHD_HTTP_PAYLOAD_TOO_LARGE, | ||
60 | "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes."); | ||
61 | + | ||
62 | + else if (r == -E2BIG) | ||
63 | + return mhd_respondf(connection, | ||
64 | + r, MHD_HTTP_REQUEST_ENTITY_TOO_LARGE, | ||
65 | + "Entry with more fields than the maximum of " STRINGIFY(ENTRY_FIELD_COUNT_MAX) "."); | ||
66 | + | ||
67 | else | ||
68 | return mhd_respondf(connection, | ||
69 | r, MHD_HTTP_UNPROCESSABLE_ENTITY, | ||
70 | @@ -1090,6 +1096,9 @@ | ||
71 | log_debug("%zu active sources remaining", s->active); | ||
72 | return 0; | ||
73 | } else if (r == -E2BIG) { | ||
74 | + log_notice("Entry with too many fields, skipped"); | ||
75 | + return 1; | ||
76 | + } else if (r == -ENOBUFS) { | ||
77 | log_notice_errno(E2BIG, "Entry too big, skipped"); | ||
78 | return 1; | ||
79 | } else if (r == -EAGAIN) { | ||