mirror of
https://gitlab.freedesktop.org/dbus/dbus.git
synced 2026-01-04 14:20:16 +01:00
6465e37c8f
This addresses CVE-2014-3636. Based on a patch by Alban Crequy. Now that it's the same on all platforms, there's little point in it being set by configure/cmake. This change fixes two distinct denials of service: fd.o#82820, part A ------------------ Before this patch, the system bus had the following default configuration: - max_connections_per_user: 256 - DBUS_DEFAULT_MESSAGE_UNIX_FDS: usually 1024 (or 256 on QNX, see fd.o#61176) as defined by configure.ac - max_incoming_unix_fds: DBUS_DEFAULT_MESSAGE_UNIX_FDS*4 = usually 4096 - max_outgoing_unix_fds: DBUS_DEFAULT_MESSAGE_UNIX_FDS*4 = usually 4096 - max_message_unix_fds: DBUS_DEFAULT_MESSAGE_UNIX_FDS = usually 1024 This means that a single user could create 256 connections and transmit 256*4096 = 1048576 file descriptors. The file descriptors stay attached to the dbus-daemon process while they are in the message loader, in the outgoing queue or waiting to be dispatched before D-Bus activation. dbus-daemon is usually limited to 65536 file descriptors (ulimit -n). If the limit is reached and dbus-daemon needs to receive a message with a file descriptor attached, this is signalled by recvfrom with the flag MSG_CTRUNC. Dbus-daemon cannot recover from that error because the kernel does not have any API to retrieve a file descriptor which has been discarded with MSG_CTRUNC. Therefore, it closes the connection of the sender. This is not necessarily the connection which generated the most file descriptors so it can lead to denial-of-service attacks. In order to prevent DoS issues, this patch reduces DEFAULT_MESSAGE_UNIX_FDS to 16: max_connections_per_user * max_incoming_unix_fds = 256 * 64 = 16384 This is less than the usual "ulimit -n" (65536) with a good margin to accomodate the other sources of file descriptors (stdin/stdout/stderr, listening sockets, message loader, etc.). Distributors on non-Linux may need to configure a smaller limit in system.conf, if their limit on the number of fds is smaller than Linux's. fd.o#82820, part B ------------------ On Linux, it's not possible to send more than 253 fds in a single sendmsg() call: sendmsg() would return -EINVAL. #define SCM_MAX_FD 253 SCM_MAX_FD changed value during Linux history: - it used to be (OPEN_MAX-1) - commit c09edd6eb (Jul 2007) changed it to 255 - commit bba14de98 (Nov 2010) changed it to 253 Libdbus always sends all of a message's fds, and the beginning of the message itself, in a single sendmsg() call. Combining these two, a malicious sender could split a message across two or more sendmsg() calls to construct a composite message with 254 or more fds. When dbus-daemon attempted to relay that message to its recipient in a single sendmsg() call, it would receive EINVAL, interpret that as a fatal socket error and disconnect the recipient, resulting in denial of service. This is fixed by keeping max_message_unix_fds <= SCM_MAX_FD. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=82820 Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
251 lines
5.9 KiB
CMake
251 lines
5.9 KiB
CMake
/* config.h. Generated by cmake from config.h.cmake */
|
|
|
|
#ifndef _DBUS_CONFIG_H
|
|
#define _DBUS_CONFIG_H
|
|
/****************************/
|
|
/* indicate that we are building with cmake */
|
|
#define DBUS_CMAKE 1
|
|
|
|
@AUTOPACKAGE_CONFIG_H_TEMPLATE@
|
|
|
|
/*
|
|
* Variables defined by AC_DEFINE in ../configure.ac
|
|
* should be placed in this file
|
|
*/
|
|
#cmakedefine HAVE_GNUC_VARARGS 1
|
|
|
|
#cmakedefine DBUS_CONSOLE_AUTH_DIR "@DBUS_CONSOLE_AUTH_DIR@"
|
|
#cmakedefine DBUS_DATADIR "@DBUS_DATADIR@"
|
|
#cmakedefine DBUS_BINDIR "@DBUS_BINDIR@"
|
|
#cmakedefine DBUS_SYSTEM_CONFIG_FILE "@DBUS_SYSTEM_CONFIG_FILE@"
|
|
#cmakedefine DBUS_SESSION_CONFIG_FILE "@DBUS_SESSION_CONFIG_FILE@"
|
|
#cmakedefine DBUS_DAEMON_NAME "@DBUS_DAEMON_NAME@"
|
|
#cmakedefine DBUS_SYSTEM_BUS_DEFAULT_ADDRESS "@DBUS_SYSTEM_BUS_DEFAULT_ADDRESS@"
|
|
#cmakedefine DBUS_SESSION_BUS_CONNECT_ADDRESS "@DBUS_SESSION_BUS_CONNECT_ADDRESS@"
|
|
#cmakedefine DBUS_MACHINE_UUID_FILE "@DBUS_MACHINE_UUID_FILE@"
|
|
#cmakedefine DBUS_DAEMONDIR "@DBUS_DAEMONDIR@"
|
|
|
|
#cmakedefine DBUS_ENABLE_STATS
|
|
|
|
#define TEST_LISTEN "@TEST_LISTEN@"
|
|
|
|
// test binaries
|
|
#define DBUS_TEST_EXEC "@DBUS_TEST_EXEC@"
|
|
#define DBUS_EXEEXT "@EXEEXT@"
|
|
#cmakedefine TEST_BUS_LAUNCH_BINARY "@TEST_BUS_LAUNCH_BINARY@"
|
|
|
|
/* Some dbus features */
|
|
#cmakedefine DBUS_ENABLE_ANSI 1
|
|
#cmakedefine DBUS_ENABLE_VERBOSE_MODE 1
|
|
#cmakedefine DBUS_DISABLE_ASSERT 1
|
|
#ifndef DBUS_DISABLE_ASSERT
|
|
# define DBUS_ENABLE_ASSERT 1
|
|
#endif
|
|
#cmakedefine DBUS_DISABLE_CHECKS 1
|
|
#ifndef DBUS_DISABLE_CHECKS
|
|
# define DBUS_ENABLE_CHECKS 1
|
|
#endif
|
|
/* xmldocs */
|
|
/* doxygen */
|
|
#cmakedefine DBUS_GCOV_ENABLED 1
|
|
|
|
/* abstract-sockets */
|
|
|
|
#cmakedefine HAVE_ABSTRACT_SOCKETS 1
|
|
|
|
#cmakedefine DBUS_PATH_OR_ABSTRACT_VALUE 1
|
|
|
|
#if (defined DBUS_PATH_OR_ABSTRACT_VALUE)
|
|
#define DBUS_PATH_OR_ABSTRACT @DBUS_PATH_OR_ABSTRACT_VALUE@
|
|
#endif
|
|
|
|
#ifdef DBUS_PATH_OR_ABSTRACT_VALUE
|
|
#undef DBUS_PATH_OR_ABSTRACT_VALUE
|
|
#endif
|
|
|
|
/* selinux */
|
|
/* kqueue */
|
|
#cmakedefine HAVE_CONSOLE_OWNER_FILE 1
|
|
#define DBUS_CONSOLE_OWNER_FILE "@DBUS_CONSOLE_OWNER_FILE@"
|
|
|
|
#cmakedefine DBUS_HAVE_ATOMIC_INT 1
|
|
#cmakedefine DBUS_USE_ATOMIC_INT_486 1
|
|
#if (defined(__i386__) || defined(__x86_64__))
|
|
# define DBUS_HAVE_ATOMIC_INT 1
|
|
# define DBUS_USE_ATOMIC_INT_486 1
|
|
#endif
|
|
|
|
#cmakedefine DBUS_BUILD_X11 1
|
|
/* For the moment, the cmake build system doesn't have an equivalent of
|
|
* the autoconf build system's --disable-x11-autolaunch */
|
|
#ifdef DBUS_BUILD_X11
|
|
# define DBUS_ENABLE_X11_AUTOLAUNCH 1
|
|
#endif
|
|
|
|
#define _DBUS_VA_COPY_ASSIGN(a1,a2) { a1 = a2; }
|
|
|
|
#cmakedefine DBUS_VA_COPY_FUNC
|
|
#if (defined DBUS_VA_COPY_FUNC)
|
|
# define DBUS_VA_COPY @DBUS_VA_COPY_FUNC@
|
|
#endif
|
|
|
|
#ifdef DBUS_VA_COPY_FUNC
|
|
#undef DBUS_VA_COPY_FUNC
|
|
#endif
|
|
|
|
#cmakedefine DBUS_VA_COPY_AS_ARRAY @DBUS_VA_COPY_AS_ARRAY@
|
|
|
|
// headers
|
|
/* Define to 1 if you have dirent.h */
|
|
#cmakedefine HAVE_DIRENT_H 1
|
|
|
|
/* Define to 1 if you have io.h */
|
|
#cmakedefine HAVE_IO_H 1
|
|
|
|
/* Define to 1 if you have grp.h */
|
|
#cmakedefine HAVE_GRP_H 1
|
|
|
|
/* Define to 1 if you have sys/poll.h */
|
|
#cmakedefine HAVE_POLL 1
|
|
|
|
/* Define to 1 if you have sys/time.h */
|
|
#cmakedefine HAVE_SYS_TIME 1
|
|
|
|
/* Define to 1 if you have sys/wait.h */
|
|
#cmakedefine HAVE_SYS_WAIT 1
|
|
|
|
/* Define to 1 if you have time.h */
|
|
#cmakedefine HAVE_TIME_H 1
|
|
|
|
/* Define to 1 if you have ws2tcpip.h */
|
|
#cmakedefine HAVE_WS2TCPIP_H
|
|
|
|
/* Define to 1 if you have unistd.h */
|
|
#cmakedefine HAVE_UNISTD_H 1
|
|
|
|
/* Define to 1 if you have stdio.h */
|
|
#cmakedefine HAVE_STDIO_H 1
|
|
|
|
/* Define to 1 if you have sys/syslimits.h */
|
|
#cmakedefine HAVE_SYS_SYSLIMITS_H 1
|
|
|
|
/* Define to 1 if you have errno.h */
|
|
#cmakedefine HAVE_ERRNO_H 1
|
|
|
|
/* Define to 1 if you have signal.h */
|
|
#cmakedefine HAVE_SIGNAL_H 1
|
|
|
|
/* Define to 1 if you have locale.h */
|
|
#cmakedefine HAVE_LOCALE_H 1
|
|
|
|
/* Define to 1 if you have inttypes.h */
|
|
#cmakedefine HAVE_INTTYPES_H 1
|
|
|
|
/* Define to 1 if you have stdint.h */
|
|
#cmakedefine HAVE_STDINT_H 1
|
|
|
|
// symbols
|
|
/* Define to 1 if you have backtrace */
|
|
#cmakedefine HAVE_BACKTRACE 1
|
|
|
|
/* Define to 1 if you have getgrouplist */
|
|
#cmakedefine HAVE_GETGROUPLIST 1
|
|
|
|
/* Define to 1 if you have getpeerucred */
|
|
#cmakedefine HAVE_GETPEERUCRED 1
|
|
|
|
/* Define to 1 if you have nanosleep */
|
|
#cmakedefine HAVE_NANOSLEEP 1
|
|
|
|
/* Define to 1 if you have getpwnam_r */
|
|
#cmakedefine HAVE_POSIX_GETPWNAM_R 1
|
|
|
|
/* Define to 1 if you have socketpair */
|
|
#cmakedefine HAVE_SOCKETPAIR 1
|
|
|
|
/* Define to 1 if you have setenv */
|
|
#cmakedefine HAVE_SETENV 1
|
|
|
|
/* Define to 1 if you have unsetenv */
|
|
#cmakedefine HAVE_UNSETENV 1
|
|
|
|
/* Define to 1 if you have clearenv */
|
|
#cmakedefine HAVE_CLEARENV 1
|
|
|
|
/* Define to 1 if you have writev */
|
|
#cmakedefine HAVE_WRITEV 1
|
|
|
|
/* Define to 1 if you have socklen_t */
|
|
#cmakedefine HAVE_SOCKLEN_T 1
|
|
|
|
/* Define to 1 if you have setlocale */
|
|
#cmakedefine HAVE_SETLOCALE 1
|
|
|
|
/* Define to 1 if you have localeconv */
|
|
#cmakedefine HAVE_LOCALECONV 1
|
|
|
|
/* Define to 1 if you have strtoll */
|
|
#cmakedefine HAVE_STRTOLL 1
|
|
|
|
/* Define to 1 if you have strtoull */
|
|
#cmakedefine HAVE_STRTOULL 1
|
|
|
|
// structs
|
|
/* Define to 1 if you have struct cmsgred */
|
|
#cmakedefine HAVE_CMSGCRED 1
|
|
|
|
#cmakedefine FD_SETSIZE @FD_SETSIZE@
|
|
|
|
// system type defines
|
|
#if defined(_WIN32) || defined(_WIN64) || defined (_WIN32_WCE)
|
|
# define DBUS_WIN
|
|
# define DBUS_WIN_FIXME 1
|
|
# ifdef _WIN32_WCE
|
|
# define DBUS_WINCE
|
|
# else
|
|
# define DBUS_WIN32
|
|
# endif
|
|
#else
|
|
# define DBUS_UNIX
|
|
#endif
|
|
|
|
#if defined(_WIN32) || defined(_WIN64)
|
|
// mingw mode_t
|
|
# ifdef HAVE_STDIO_H
|
|
# include <stdio.h>
|
|
# endif
|
|
# ifndef _MSC_VER
|
|
# define uid_t int
|
|
# define gid_t int
|
|
# else
|
|
# define snprintf _snprintf
|
|
typedef int mode_t;
|
|
# if !defined(_WIN32_WCE)
|
|
# define strtoll _strtoi64
|
|
# define strtoull _strtoui64
|
|
# define HAVE_STRTOLL 1
|
|
# define HAVE_STRTOULL 1
|
|
# endif
|
|
# endif
|
|
#endif // defined(_WIN32) || defined(_WIN64)
|
|
|
|
#ifdef interface
|
|
#undef interface
|
|
#endif
|
|
|
|
#ifndef SIGHUP
|
|
#define SIGHUP 1
|
|
#endif
|
|
|
|
#cmakedefine DBUS_VERBOSE_C_S 1
|
|
#ifdef DBUS_VERBOSE_C_S
|
|
#define _dbus_verbose_C_S printf
|
|
#else
|
|
#define _dbus_verbose_C_S _dbus_verbose
|
|
#endif
|
|
|
|
# if defined(_MSC_VER) && !defined(inline)
|
|
#define inline __inline
|
|
#endif
|
|
|
|
#endif // _DBUS_CONFIG_H
|