Date: Tue, 19 Feb 2019 16:48:58 +0000 From: Simon McVittie <smcv@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message On Mon, 18 Feb 2019 at 17:41:56 +0100, Chris Coulson wrote: > According to the dbus specification, the path "may be of any > length" (with the length being represented on the wire by a uint32), > but systemd seems to limit the size of incoming messages to 128MB > (BUS_MESSAGE_SIZE_MAX). D-Bus is a protocol and dbus is the reference implementation of the D-Bus protocol, so it's really the D-Bus specification. The 128M limit also comes from the D-Bus Specification, which isn't always as good as it might be about taking a rule from one part of the spec and noting its consequences in another part (patches welcome). The intention is that wherever rules rule1 and rule2 overlap, messages must obey (rule1 && rule2) - so for instance when a string or path can be any 32-bit length, a string or path is part of a message, and a message is up to 128M, the practical result is that the longest possible string or path is a bit less than 128M. > From testing on Ubuntu 18.10, it seems that the > real limit is actually much less than this - dbus-daemon drops the > connection when I try to send a message with an object path greater than > about 32MB. This lower limit is `dbus-daemon --system` policy/configuration to mitigate/limit denial-of-service attacks by resource exhaustion (and accidentally also mitigation for attacks like this one, although I don't think that was ever intentional) - part of dbus, the reference implementation of D-Bus, rather than part of the D-Bus spec. It can differ in other implementations like dbus-broker and gdbus-daemon, and it can also be changed by distros or sysadmins. smcv
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.