diff options
Diffstat (limited to 'meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch b/meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch new file mode 100644 index 0000000000..4ffa739145 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | Description: sd-bus: if we receive an invalid dbus message, ignore and | ||
2 | proceeed | ||
3 | . | ||
4 | dbus-daemon might have a slightly different idea of what a valid msg is | ||
5 | than us (for example regarding valid msg and field sizes). Let's hence | ||
6 | try to proceed if we can and thus drop messages rather than fail the | ||
7 | connection if we fail to validate a message. | ||
8 | . | ||
9 | Hopefully the differences in what is considered valid are not visible | ||
10 | for real-life usecases, but are specific to exploit attempts only. | ||
11 | Author: Lennart Poettering <lennart@poettering.net> | ||
12 | Forwarded: other,https://github.com/systemd/systemd/pull/11708/ | ||
13 | |||
14 | Patch from: systemd_237-3ubuntu10.13 | ||
15 | |||
16 | For information see: | ||
17 | https://usn.ubuntu.com/3891-1/ | ||
18 | https://git.launchpad.net/ubuntu/+source/systemd/commit/?h=applied/ubuntu/bionic-updates&id=d7584b894afcaa8a4a1abb69db2a9c81a6276e80 | ||
19 | |||
20 | CVE: CVE-2019-6454 | ||
21 | Upstream-Status: Backport | ||
22 | |||
23 | Signed-off-by: George McCollister <george.mccollister@gmail.com> | ||
24 | |||
25 | diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c | ||
26 | index 30d6455b6f..441b4a816f 100644 | ||
27 | --- a/src/libsystemd/sd-bus/bus-socket.c | ||
28 | +++ b/src/libsystemd/sd-bus/bus-socket.c | ||
29 | @@ -1072,7 +1072,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) { | ||
30 | } | ||
31 | |||
32 | static int bus_socket_make_message(sd_bus *bus, size_t size) { | ||
33 | - sd_bus_message *t; | ||
34 | + sd_bus_message *t = NULL; | ||
35 | void *b; | ||
36 | int r; | ||
37 | |||
38 | @@ -1097,7 +1097,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) { | ||
39 | bus->fds, bus->n_fds, | ||
40 | NULL, | ||
41 | &t); | ||
42 | - if (r < 0) { | ||
43 | + if (r == -EBADMSG) | ||
44 | + log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description)); | ||
45 | + else if (r < 0) { | ||
46 | free(b); | ||
47 | return r; | ||
48 | } | ||
49 | @@ -1108,7 +1110,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) { | ||
50 | bus->fds = NULL; | ||
51 | bus->n_fds = 0; | ||
52 | |||
53 | - bus->rqueue[bus->rqueue_size++] = t; | ||
54 | + if (t) | ||
55 | + bus->rqueue[bus->rqueue_size++] = t; | ||
56 | |||
57 | return 1; | ||
58 | } | ||
59 | -- | ||
60 | 2.17.1 | ||
61 | |||