diff options
| author | James Hilliard <james.hilliard1@gmail.com> | 2019-01-13 20:01:10 +0800 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2019-01-16 13:57:08 +0100 |
| commit | f4d3d62b1014f63c028a1ed1089f533bfb249ccb (patch) | |
| tree | 33bd1c1de3631f87e03962a3c81e3a0f9b69d297 /package/systemd/0012-journal-remote-set-a-limit-on-the-number-of-fields-i.patch | |
| parent | 1d7031b31e8cbf855981c1b4993a2f0567cc6c27 (diff) | |
| download | buildroot-f4d3d62b1014f63c028a1ed1089f533bfb249ccb.tar.gz buildroot-f4d3d62b1014f63c028a1ed1089f533bfb249ccb.zip | |
package/systemd: add upstream fix for CVE-2018-16865
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/systemd/0012-journal-remote-set-a-limit-on-the-number-of-fields-i.patch')
| -rw-r--r-- | package/systemd/0012-journal-remote-set-a-limit-on-the-number-of-fields-i.patch | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/package/systemd/0012-journal-remote-set-a-limit-on-the-number-of-fields-i.patch b/package/systemd/0012-journal-remote-set-a-limit-on-the-number-of-fields-i.patch new file mode 100644 index 0000000000..e0aae98d90 --- /dev/null +++ b/package/systemd/0012-journal-remote-set-a-limit-on-the-number-of-fields-i.patch @@ -0,0 +1,81 @@ +From ef4d6abe7c7fab6cbff975b32e76b09feee56074 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 7 Dec 2018 10:48:10 +0100 +Subject: [PATCH] journal-remote: set a limit on the number of fields in a + message + +Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is +reused for the new error condition (too many fields). + +This matches the change done for systemd-journald, hence forming the second +part of the fix for CVE-2018-16865 +(https://bugzilla.redhat.com/show_bug.cgi?id=1653861). + +[james.hilliard1@gmail.com: backport from upstream commit +ef4d6abe7c7fab6cbff975b32e76b09feee56074] +Signed-off-by: James Hilliard <james.hilliard1@gmail.com> +--- + src/journal-remote/journal-remote-main.c | 7 +++++-- + src/journal-remote/journal-remote.c | 3 +++ + src/shared/journal-importer.c | 5 ++++- + 3 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c +index 8543dba..802c3ea 100644 +--- a/src/journal-remote/journal-remote-main.c ++++ b/src/journal-remote/journal-remote-main.c +@@ -222,9 +222,12 @@ static int process_http_upload( + if (r == -EAGAIN) + break; + if (r < 0) { +- if (r == -E2BIG) +- log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.", ++ if (r == -ENOBUFS) ++ log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.", + DATA_SIZE_MAX, connection); ++ else if (r == -E2BIG) ++ log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.", ++ ENTRY_FIELD_COUNT_MAX, connection); + else + log_warning_errno(r, "Failed to process data, aborting connection %p: %m", + connection); +diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c +index 3c0916c..1da32c5 100644 +--- a/src/journal-remote/journal-remote.c ++++ b/src/journal-remote/journal-remote.c +@@ -407,6 +407,9 @@ int journal_remote_handle_raw_source( + log_debug("%zu active sources remaining", s->active); + return 0; + } else if (r == -E2BIG) { ++ log_notice("Entry with too many fields, skipped"); ++ return 1; ++ } else if (r == -ENOBUFS) { + log_notice("Entry too big, skipped"); + return 1; + } else if (r == -EAGAIN) { +diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c +index b0e6192..8638cd3 100644 +--- a/src/shared/journal-importer.c ++++ b/src/shared/journal-importer.c +@@ -23,6 +23,9 @@ enum { + }; + + static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) { ++ if (iovw->count >= ENTRY_FIELD_COUNT_MAX) ++ return -E2BIG; ++ + if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1)) + return log_oom(); + +@@ -97,7 +100,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) { + + imp->scanned = imp->filled; + if (imp->scanned >= DATA_SIZE_MAX) +- return log_error_errno(SYNTHETIC_ERRNO(E2BIG), ++ return log_error_errno(SYNTHETIC_ERRNO(ENOBUFS), + "Entry is bigger than %u bytes.", + DATA_SIZE_MAX); + +-- +2.7.4 + |
