summaryrefslogtreecommitdiff
path: root/sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch')
-rw-r--r--sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch54
1 files changed, 54 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch b/sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
new file mode 100644
index 000000000000..cc03893a588d
--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
@@ -0,0 +1,54 @@
+From 8d3cea620ab661897fb485ece7332a9073c1783d Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 13 Feb 2019 16:51:22 +0100
+Subject: [PATCH 3/3] sd-bus: if we receive an invalid dbus message, ignore and
+ proceeed
+
+dbus-daemon might have a slightly different idea of what a valid msg is
+than us (for example regarding valid msg and field sizes). Let's hence
+try to proceed if we can and thus drop messages rather than fail the
+connection if we fail to validate a message.
+
+Hopefully the differences in what is considered valid are not visible
+for real-life usecases, but are specific to exploit attempts only.
+---
+ src/libsystemd/sd-bus/bus-socket.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
+index 30d6455b6f..441b4a816f 100644
+--- a/src/libsystemd/sd-bus/bus-socket.c
++++ b/src/libsystemd/sd-bus/bus-socket.c
+@@ -1072,7 +1072,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
+ }
+
+ static int bus_socket_make_message(sd_bus *bus, size_t size) {
+- sd_bus_message *t;
++ sd_bus_message *t = NULL;
+ void *b;
+ int r;
+
+@@ -1097,7 +1097,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
+ bus->fds, bus->n_fds,
+ NULL,
+ &t);
+- if (r < 0) {
++ if (r == -EBADMSG)
++ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
++ else if (r < 0) {
+ free(b);
+ return r;
+ }
+@@ -1108,7 +1110,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
+ bus->fds = NULL;
+ bus->n_fds = 0;
+
+- bus->rqueue[bus->rqueue_size++] = t;
++ if (t)
++ bus->rqueue[bus->rqueue_size++] = t;
+
+ return 1;
+ }
+--
+2.20.1
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-18 18:18:23 +0000