journal-remote: set a limit on the number of fields in a messagegentoo-240

Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is reused for the new error condition (too many fields). This matches the change done for systemd-journald, hence forming the second part of the fix for CVE-2018-16865 (https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-12-07 10:48:10 +0100
committer: Mike Gilbert <floppym@gentoo.org> 2019-01-09 10:12:25 -0500
commit: efac6067d4306bf4b93e54a5227ff90c49636468 (patch)
tree: 880292f4954177ba1d9f0e1c98ee66b547222659
parent: journal-remote: verify entry length from header (diff)
download: systemd-gentoo-240.tar.gz
systemd-gentoo-240.tar.bz2
systemd-gentoo-240.zip
3 files changed, 12 insertions, 3 deletions
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index 8543dbac3..802c3ea60 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -222,9 +222,12 @@ static int process_http_upload(
                 if (r == -EAGAIN)
                         break;
                 if (r < 0) {
-                        if (r == -E2BIG)
-                                log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
+                        if (r == -ENOBUFS)
+                                log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.",
                                                   DATA_SIZE_MAX, connection);
+                        else if (r == -E2BIG)
+                                log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.",
+                                                  ENTRY_FIELD_COUNT_MAX, connection);
                         else
                                 log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
                                                   connection);
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 3c0916c43..1da32c5f8 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -407,6 +407,9 @@ int journal_remote_handle_raw_source(
                 log_debug("%zu active sources remaining", s->active);
                 return 0;
         } else if (r == -E2BIG) {
+                log_notice("Entry with too many fields, skipped");
+                return 1;
+        } else if (r == -ENOBUFS) {
                 log_notice("Entry too big, skipped");
                 return 1;
         } else if (r == -EAGAIN) {
diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c
index b0e619205..8638cd3cc 100644
--- a/src/shared/journal-importer.c
+++ b/src/shared/journal-importer.c
@@ -23,6 +23,9 @@ enum {
 };
 
 static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
+        if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
+                return -E2BIG;
+
         if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
                 return log_oom();
 
@@ -97,7 +100,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) {
 
                 imp->scanned = imp->filled;
                 if (imp->scanned >= DATA_SIZE_MAX)
-                        return log_error_errno(SYNTHETIC_ERRNO(E2BIG),
+                        return log_error_errno(SYNTHETIC_ERRNO(ENOBUFS),
                                                "Entry is bigger than %u bytes.",
                                                DATA_SIZE_MAX);
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2018-12-07 10:48:10 +0100
committer	Mike Gilbert <floppym@gentoo.org>	2019-01-09 10:12:25 -0500
commit	efac6067d4306bf4b93e54a5227ff90c49636468 (patch)
tree	880292f4954177ba1d9f0e1c98ee66b547222659
parent	journal-remote: verify entry length from header (diff)
download	systemd-gentoo-240.tar.gz systemd-gentoo-240.tar.bz2 systemd-gentoo-240.zip