+++ /dev/null
---- a/src/libsystemd/sd-bus/bus-internal.c
-+++ b/src/libsystemd/sd-bus/bus-internal.c
-@@ -45,7 +45,7 @@
- if (slash)
- return false;
-
-- return true;
-+ return (q - p) <= BUS_PATH_SIZE_MAX;
- }
-
- char* object_path_startswith(const char *a, const char *b) {
---- a/src/libsystemd/sd-bus/bus-internal.h
-+++ b/src/libsystemd/sd-bus/bus-internal.h
-@@ -333,6 +333,10 @@
-
- #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
- #define BUS_AUTH_SIZE_MAX (64*1024)
-+/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
-+ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
-+ * to not clash unnecessarily with real-life applications. */
-+#define BUS_PATH_SIZE_MAX (64*1024)
-
- #define BUS_CONTAINER_DEPTH 128
-
---- a/src/libsystemd/sd-bus/bus-objects.c
-+++ b/src/libsystemd/sd-bus/bus-objects.c
-@@ -1134,7 +1134,8 @@
- const char *path,
- sd_bus_error *error) {
-
-- char *prefix;
-+ _cleanup_free_ char *prefix = NULL;
-+ size_t pl;
- int r;
-
- assert(bus);
-@@ -1150,7 +1151,12 @@
- return 0;
-
- /* Second, add fallback vtables registered for any of the prefixes */
-- prefix = alloca(strlen(path) + 1);
-+ pl = strlen(path);
-+ assert(pl <= BUS_PATH_SIZE_MAX);
-+ prefix = new(char, pl + 1);
-+ if (!prefix)
-+ return -ENOMEM;
-+
- OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
- r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
- if (r < 0)
-@@ -1346,6 +1352,7 @@
- }
-
- int bus_process_object(sd_bus *bus, sd_bus_message *m) {
-+ _cleanup_free_ char *prefix = NULL;
- int r;
- size_t pl;
- bool found_object = false;
-@@ -1370,9 +1377,12 @@
- assert(m->member);
-
- pl = strlen(m->path);
-- do {
-- char prefix[pl+1];
-+ assert(pl <= BUS_PATH_SIZE_MAX);
-+ prefix = new(char, pl + 1);
-+ if (!prefix)
-+ return -ENOMEM;
-
-+ do {
- bus->nodes_modified = false;
-
- r = object_find_and_run(bus, m, m->path, false, &found_object);
-@@ -1499,9 +1509,15 @@
-
- n = hashmap_get(bus->nodes, path);
- if (!n) {
-- char *prefix;
-+ _cleanup_free_ char *prefix = NULL;
-+ size_t pl;
-+
-+ pl = strlen(path);
-+ assert(pl <= BUS_PATH_SIZE_MAX);
-+ prefix = new(char, pl + 1);
-+ if (!prefix)
-+ return -ENOMEM;
-
-- prefix = alloca(strlen(path) + 1);
- OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
- n = hashmap_get(bus->nodes, prefix);
- if (n)
-@@ -2091,8 +2107,9 @@
- char **names) {
-
- BUS_DONT_DESTROY(bus);
-+ _cleanup_free_ char *prefix = NULL;
- bool found_interface = false;
-- char *prefix;
-+ size_t pl;
- int r;
-
- assert_return(bus, -EINVAL);
-@@ -2111,6 +2128,12 @@
- if (names && names[0] == NULL)
- return 0;
-
-+ pl = strlen(path);
-+ assert(pl <= BUS_PATH_SIZE_MAX);
-+ prefix = new(char, pl + 1);
-+ if (!prefix)
-+ return -ENOMEM;
-+
- do {
- bus->nodes_modified = false;
-
-@@ -2120,7 +2143,6 @@
- if (bus->nodes_modified)
- continue;
-
-- prefix = alloca(strlen(path) + 1);
- OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
- r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
- if (r != 0)
-@@ -2252,7 +2274,8 @@
-
- static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
- _cleanup_set_free_ Set *s = NULL;
-- char *prefix;
-+ _cleanup_free_ char *prefix = NULL;
-+ size_t pl;
- int r;
-
- assert(bus);
-@@ -2297,7 +2320,12 @@
- if (bus->nodes_modified)
- return 0;
-
-- prefix = alloca(strlen(path) + 1);
-+ pl = strlen(path);
-+ assert(pl <= BUS_PATH_SIZE_MAX);
-+ prefix = new(char, pl + 1);
-+ if (!prefix)
-+ return -ENOMEM;
-+
- OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
- r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
- if (r < 0)
-@@ -2436,7 +2464,8 @@
-
- static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
- _cleanup_set_free_ Set *s = NULL;
-- char *prefix;
-+ _cleanup_free_ char *prefix = NULL;
-+ size_t pl;
- int r;
-
- assert(bus);
-@@ -2468,7 +2497,12 @@
- if (bus->nodes_modified)
- return 0;
-
-- prefix = alloca(strlen(path) + 1);
-+ pl = strlen(path);
-+ assert(pl <= BUS_PATH_SIZE_MAX);
-+ prefix = new(char, pl + 1);
-+ if (!prefix)
-+ return -ENOMEM;
-+
- OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
- r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
- if (r < 0)
-@@ -2618,7 +2652,8 @@
- const char *path,
- const char *interface) {
-
-- char *prefix;
-+ _cleanup_free_ char *prefix = NULL;
-+ size_t pl;
- int r;
-
- assert(bus);
-@@ -2632,7 +2667,12 @@
- if (bus->nodes_modified)
- return 0;
-
-- prefix = alloca(strlen(path) + 1);
-+ pl = strlen(path);
-+ assert(pl <= BUS_PATH_SIZE_MAX);
-+ prefix = new(char, pl + 1);
-+ if (!prefix)
-+ return -ENOMEM;
-+
- OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
- r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
- if (r != 0)
-
-
-
projects / gentoo.git / commitdiff