1 |
tmb |
731766 |
From e17a921be676bcc89373ec1a9f368fe8b36f1073 Mon Sep 17 00:00:00 2001 |
2 |
|
|
From: Alban Crequy <alban.crequy@collabora.co.uk> |
3 |
|
|
Date: Mon, 21 Jul 2014 17:34:08 +0100 |
4 |
|
|
Subject: [PATCH 05/10] config: add new limit: pending_fd_timeout |
5 |
|
|
|
6 |
|
|
This is one of four commits needed to address CVE-2014-3637. |
7 |
|
|
|
8 |
|
|
When a file descriptor is passed to dbus-daemon, the associated D-Bus message |
9 |
|
|
might not be fully sent to dbus-daemon yet. Dbus-daemon keeps the file |
10 |
|
|
descriptor in the DBusMessageLoader of the connection, waiting for the rest of |
11 |
|
|
the message. If the client stops sending the remaining bytes, dbus-daemon will |
12 |
|
|
wait forever and keep that file descriptor. |
13 |
|
|
|
14 |
|
|
This patch adds pending_fd_timeout (milliseconds) in the configuration to |
15 |
|
|
disconnect a connection after a timeout when a file descriptor was sent but not |
16 |
|
|
the remaining message. |
17 |
|
|
|
18 |
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559 |
19 |
|
|
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> |
20 |
|
|
(cherry picked from commit bbf11cd5f92064c7c8af61ad4d9ff41f3a039abc) |
21 |
|
|
Conflicts: |
22 |
|
|
cmake/bus/dbus-daemon.xml |
23 |
tmb |
792439 |
|
24 |
|
|
[Context changes as default auth_timeout was bumped to 15s (mga#14251) / tmb] |
25 |
|
|
Signed-off-by: Thomas Backlund <tmb@mageia.org> |
26 |
|
|
|
27 |
tmb |
731766 |
--- |
28 |
|
|
bus/bus.c | 6 ++++++ |
29 |
|
|
bus/bus.h | 2 ++ |
30 |
|
|
bus/config-parser.c | 12 ++++++++++++ |
31 |
|
|
bus/session.conf.in | 1 + |
32 |
|
|
cmake/bus/dbus-daemon.xml | 6 +++++- |
33 |
|
|
5 files changed, 26 insertions(+), 1 deletion(-) |
34 |
|
|
|
35 |
|
|
diff --git a/bus/bus.c b/bus/bus.c |
36 |
|
|
index 7ffe772..c4eadc2 100644 |
37 |
|
|
--- a/bus/bus.c |
38 |
|
|
+++ b/bus/bus.c |
39 |
|
|
@@ -1229,6 +1229,12 @@ bus_context_get_auth_timeout (BusContext *context) |
40 |
|
|
} |
41 |
|
|
|
42 |
|
|
int |
43 |
|
|
+bus_context_get_pending_fd_timeout (BusContext *context) |
44 |
|
|
+{ |
45 |
|
|
+ return context->limits.pending_fd_timeout; |
46 |
|
|
+} |
47 |
|
|
+ |
48 |
|
|
+int |
49 |
|
|
bus_context_get_max_completed_connections (BusContext *context) |
50 |
|
|
{ |
51 |
|
|
return context->limits.max_completed_connections; |
52 |
|
|
diff --git a/bus/bus.h b/bus/bus.h |
53 |
|
|
index 400c9d0..7d0b369 100644 |
54 |
|
|
--- a/bus/bus.h |
55 |
|
|
+++ b/bus/bus.h |
56 |
|
|
@@ -54,6 +54,7 @@ typedef struct |
57 |
|
|
long max_message_unix_fds; /**< Max number of unix fds of a single message*/ |
58 |
|
|
int activation_timeout; /**< How long to wait for an activation to time out */ |
59 |
|
|
int auth_timeout; /**< How long to wait for an authentication to time out */ |
60 |
|
|
+ int pending_fd_timeout; /**< How long to wait for a D-Bus message with a fd to time out */ |
61 |
|
|
int max_completed_connections; /**< Max number of authorized connections */ |
62 |
|
|
int max_incomplete_connections; /**< Max number of incomplete connections */ |
63 |
|
|
int max_connections_per_user; /**< Max number of connections auth'd as same user */ |
64 |
|
|
@@ -106,6 +107,7 @@ BusClientPolicy* bus_context_create_client_policy (BusContext |
65 |
|
|
DBusError *error); |
66 |
|
|
int bus_context_get_activation_timeout (BusContext *context); |
67 |
|
|
int bus_context_get_auth_timeout (BusContext *context); |
68 |
|
|
+int bus_context_get_pending_fd_timeout (BusContext *context); |
69 |
|
|
int bus_context_get_max_completed_connections (BusContext *context); |
70 |
|
|
int bus_context_get_max_incomplete_connections (BusContext *context); |
71 |
|
|
int bus_context_get_max_connections_per_user (BusContext *context); |
72 |
|
|
diff --git a/bus/config-parser.c b/bus/config-parser.c |
73 |
|
|
index 95d69a4..897667e 100644 |
74 |
|
|
--- a/bus/config-parser.c |
75 |
|
|
+++ b/bus/config-parser.c |
76 |
|
|
@@ -428,6 +428,11 @@ bus_config_parser_new (const DBusString *basedir, |
77 |
|
|
* password) is allowed, then potentially it has to be quite long. |
78 |
|
|
*/ |
79 |
tmb |
792439 |
parser->limits.auth_timeout = 15000; /* 15 seconds */ |
80 |
tmb |
731766 |
+ |
81 |
|
|
+ /* Do not allow a fd to stay forever in dbus-daemon |
82 |
|
|
+ * https://bugs.freedesktop.org/show_bug.cgi?id=80559 |
83 |
|
|
+ */ |
84 |
|
|
+ parser->limits.pending_fd_timeout = 150000; /* 2.5 minutes */ |
85 |
|
|
|
86 |
|
|
parser->limits.max_incomplete_connections = 64; |
87 |
|
|
parser->limits.max_connections_per_user = 256; |
88 |
|
|
@@ -1891,6 +1896,12 @@ set_limit (BusConfigParser *parser, |
89 |
|
|
must_be_int = TRUE; |
90 |
|
|
parser->limits.auth_timeout = value; |
91 |
|
|
} |
92 |
|
|
+ else if (strcmp (name, "pending_fd_timeout") == 0) |
93 |
|
|
+ { |
94 |
|
|
+ must_be_positive = TRUE; |
95 |
|
|
+ must_be_int = TRUE; |
96 |
|
|
+ parser->limits.pending_fd_timeout = value; |
97 |
|
|
+ } |
98 |
|
|
else if (strcmp (name, "reply_timeout") == 0) |
99 |
|
|
{ |
100 |
|
|
must_be_positive = TRUE; |
101 |
|
|
@@ -3097,6 +3108,7 @@ limits_equal (const BusLimits *a, |
102 |
|
|
|| a->max_message_unix_fds == b->max_message_unix_fds |
103 |
|
|
|| a->activation_timeout == b->activation_timeout |
104 |
|
|
|| a->auth_timeout == b->auth_timeout |
105 |
|
|
+ || a->pending_fd_timeout == b->pending_fd_timeout |
106 |
|
|
|| a->max_completed_connections == b->max_completed_connections |
107 |
|
|
|| a->max_incomplete_connections == b->max_incomplete_connections |
108 |
|
|
|| a->max_connections_per_user == b->max_connections_per_user |
109 |
|
|
diff --git a/bus/session.conf.in b/bus/session.conf.in |
110 |
|
|
index 6ce8503..2ee1c31 100644 |
111 |
|
|
--- a/bus/session.conf.in |
112 |
|
|
+++ b/bus/session.conf.in |
113 |
|
|
@@ -53,6 +53,7 @@ |
114 |
|
|
limit is also relatively low --> |
115 |
|
|
<limit name="service_start_timeout">120000</limit> |
116 |
|
|
<limit name="auth_timeout">240000</limit> |
117 |
|
|
+ <limit name="pending_fd_timeout">150000</limit> |
118 |
|
|
<limit name="max_completed_connections">100000</limit> |
119 |
|
|
<limit name="max_incomplete_connections">10000</limit> |
120 |
|
|
<limit name="max_connections_per_user">100000</limit> |
121 |
|
|
diff --git a/cmake/bus/dbus-daemon.xml b/cmake/bus/dbus-daemon.xml |
122 |
|
|
index f331699..fb517e2 100644 |
123 |
|
|
--- a/cmake/bus/dbus-daemon.xml |
124 |
|
|
+++ b/cmake/bus/dbus-daemon.xml |
125 |
|
|
@@ -401,7 +401,11 @@ Available limit names are:</para> |
126 |
|
|
"auth_timeout" : milliseconds (thousandths) a |
127 |
|
|
connection is given to |
128 |
|
|
authenticate |
129 |
|
|
- "max_completed_connections" : max number of authenticated connections |
130 |
|
|
+ "pending_fd_timeout" : milliseconds (thousandths) a |
131 |
|
|
+ fd is given to be transmitted to |
132 |
|
|
+ dbus-daemon before disconnecting the |
133 |
|
|
+ connection |
134 |
|
|
+ "max_completed_connections" : max number of authenticated connections |
135 |
|
|
"max_incomplete_connections" : max number of unauthenticated |
136 |
|
|
connections |
137 |
|
|
"max_connections_per_user" : max number of completed connections from |
138 |
|
|
-- |
139 |
|
|
2.1.0 |
140 |
|
|
|