From ef4d6abe7c7fab6cbff975b32e76b09feee56074 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Dec 2018 10:48:10 +0100 Subject: [PATCH] journal-remote: set a limit on the number of fields in a message Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is reused for the new error condition (too many fields). This matches the change done for systemd-journald, hence forming the second part of the fix for CVE-2018-16865 (https://bugzilla.redhat.com/show_bug.cgi?id=1653861). [james.hilliard1@gmail.com: backport from upstream commit ef4d6abe7c7fab6cbff975b32e76b09feee56074] Signed-off-by: James Hilliard --- src/journal-remote/journal-remote-main.c | 7 +++++-- src/journal-remote/journal-remote.c | 3 +++ src/shared/journal-importer.c | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c index 8543dba..802c3ea 100644 --- a/src/journal-remote/journal-remote-main.c +++ b/src/journal-remote/journal-remote-main.c @@ -222,9 +222,12 @@ static int process_http_upload( if (r == -EAGAIN) break; if (r < 0) { - if (r == -E2BIG) - log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.", + if (r == -ENOBUFS) + log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.", DATA_SIZE_MAX, connection); + else if (r == -E2BIG) + log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.", + ENTRY_FIELD_COUNT_MAX, connection); else log_warning_errno(r, "Failed to process data, aborting connection %p: %m", connection); diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c index 3c0916c..1da32c5 100644 --- a/src/journal-remote/journal-remote.c +++ b/src/journal-remote/journal-remote.c @@ -407,6 +407,9 @@ int journal_remote_handle_raw_source( log_debug("%zu active sources remaining", s->active); return 0; } else if (r == -E2BIG) { + log_notice("Entry with too many fields, skipped"); + return 1; + } else if (r == -ENOBUFS) { log_notice("Entry too big, skipped"); return 1; } else if (r == -EAGAIN) { diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c index b0e6192..8638cd3 100644 --- a/src/shared/journal-importer.c +++ b/src/shared/journal-importer.c @@ -23,6 +23,9 @@ enum { }; static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) { + if (iovw->count >= ENTRY_FIELD_COUNT_MAX) + return -E2BIG; + if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1)) return log_oom(); @@ -97,7 +100,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) { imp->scanned = imp->filled; if (imp->scanned >= DATA_SIZE_MAX) - return log_error_errno(SYNTHETIC_ERRNO(E2BIG), + return log_error_errno(SYNTHETIC_ERRNO(ENOBUFS), "Entry is bigger than %u bytes.", DATA_SIZE_MAX); -- 2.7.4