From 29de632674473729d1e9497b6fe47e7c88682ed9 Mon Sep 17 00:00:00 2001 From: Riccardo Schirone Date: Mon, 4 Feb 2019 14:29:09 +0100 Subject: [PATCH 1/3] Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. Even though the dbus specification does not enforce any length limit on the path of a dbus message, having to analyze too long strings in PID1 may be time-consuming and it may have security impacts. In any case, the limit is set so high that real-life applications should not have a problem with it. --- src/libsystemd/sd-bus/bus-internal.c | 2 +- src/libsystemd/sd-bus/bus-internal.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c index 40acae2133..598b7f110c 100644 --- a/src/libsystemd/sd-bus/bus-internal.c +++ b/src/libsystemd/sd-bus/bus-internal.c @@ -43,7 +43,7 @@ bool object_path_is_valid(const char *p) { if (slash) return false; - return true; + return (q - p) <= BUS_PATH_SIZE_MAX; } char* object_path_startswith(const char *a, const char *b) { diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h index f208b294d8..a8d61bf72a 100644 --- a/src/libsystemd/sd-bus/bus-internal.h +++ b/src/libsystemd/sd-bus/bus-internal.h @@ -332,6 +332,10 @@ struct sd_bus { #define BUS_MESSAGE_SIZE_MAX (128*1024*1024) #define BUS_AUTH_SIZE_MAX (64*1024) +/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one + * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however, + * to not clash unnecessarily with real-life applications. */ +#define BUS_PATH_SIZE_MAX (64*1024) #define BUS_CONTAINER_DEPTH 128 -- 2.20.1