From bf34aa04ac5c878df95bb948351db2ece119d4e4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Apr 07 2021 22:35:32 +0000 Subject: sd-bus: if we receive an invalid dbus message, ignore and proceeed dbus-daemon might have a slightly different idea of what a valid msg is than us (for example regarding valid msg and field sizes). Let's hence try to proceed if we can and thus drop messages rather than fail the connection if we fail to validate a message. Hopefully the differences in what is considered valid are not visible for real-life usecases, but are specific to exploit attempts only. (cherry-picked from commit 6d586a13717ae057aa1b4127400c3de61cd5b9e7) Related: #1678641 patch_name: 0109-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch present_in_specfile: true location_in_specfile: 109 squash_commits: true --- diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c index a5513d1..17cfa8e 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c @@ -1078,7 +1078,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) { } static int bus_socket_make_message(sd_bus *bus, size_t size) { - sd_bus_message *t; + sd_bus_message *t = NULL; void *b; int r; @@ -1103,7 +1103,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) { bus->fds, bus->n_fds, NULL, &t); - if (r < 0) { + if (r == -EBADMSG) + log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description)); + else if (r < 0) { free(b); return r; } @@ -1114,7 +1116,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) { bus->fds = NULL; bus->n_fds = 0; - bus->rqueue[bus->rqueue_size++] = t; + if (t) + bus->rqueue[bus->rqueue_size++] = t; return 1; }