aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-12-07 10:48:10 +0100
committerMike Gilbert <floppym@gentoo.org>2019-01-09 10:11:48 -0500
commit924fe0e92cc7fffe60574b6f638ab9b3992d1980 (patch)
tree2ef536193420a41ca67adc563b419708f35c9914
parentjournal-remote: verify entry length from header (diff)
downloadsystemd-924fe0e92cc7fffe60574b6f638ab9b3992d1980.tar.gz
systemd-924fe0e92cc7fffe60574b6f638ab9b3992d1980.tar.bz2
systemd-924fe0e92cc7fffe60574b6f638ab9b3992d1980.zip
journal-remote: set a limit on the number of fields in a messagegentoo-239
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is reused for the new error condition (too many fields). This matches the change done for systemd-journald, hence forming the second part of the fix for CVE-2018-16865 (https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
-rw-r--r--src/basic/journal-importer.c5
-rw-r--r--src/journal-remote/journal-remote-main.c7
-rw-r--r--src/journal-remote/journal-remote.c5
3 files changed, 13 insertions, 4 deletions
diff --git a/src/basic/journal-importer.c b/src/basic/journal-importer.c
index ca203bbbf..3ac55a66d 100644
--- a/src/basic/journal-importer.c
+++ b/src/basic/journal-importer.c
@@ -23,6 +23,9 @@ enum {
};
static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
+ if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
+ return -E2BIG;
+
if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
return log_oom();
@@ -98,7 +101,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) {
imp->scanned = imp->filled;
if (imp->scanned >= DATA_SIZE_MAX) {
log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX);
- return -E2BIG;
+ return -ENOBUFS;
}
if (imp->passive_fd)
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index e9b3702e8..5b0bbba31 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -211,9 +211,12 @@ static int process_http_upload(
if (r == -EAGAIN)
break;
if (r < 0) {
- if (r == -E2BIG)
- log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
+ if (r == -ENOBUFS)
+ log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.",
DATA_SIZE_MAX, connection);
+ else if (r == -E2BIG)
+ log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.",
+ ENTRY_FIELD_COUNT_MAX, connection);
else
log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
connection);
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index beb75a1cb..67e3a70c0 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -408,7 +408,10 @@ int journal_remote_handle_raw_source(
log_debug("%zu active sources remaining", s->active);
return 0;
} else if (r == -E2BIG) {
- log_notice_errno(E2BIG, "Entry too big, skipped");
+ log_notice("Entry with too many fields, skipped");
+ return 1;
+ } else if (r == -ENOBUFS) {
+ log_notice("Entry too big, skipped");
return 1;
} else if (r == -EAGAIN) {
return 0;