diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-09-15 19:20:03 +0100 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-09-15 19:20:03 +0100 |
commit | 346da99f7620e6901e7c7babd4590fcc5aac32bf (patch) | |
tree | 910dc072f5f429f9aa928d76e6daa29ef6e6c3b4 | |
parent | 6060aaa0ea1e9bbe1dd7a1864c8df52e333a45ee (diff) |
config: add new limit: pending_fd_timeout
When a file descriptor is passed to dbus-daemon, the associated D-Bus message
might not be fully sent to dbus-daemon yet. Dbus-daemon keeps the file
descriptor in the DBusMessageLoader of the connection, waiting for the rest of
the message. If the client stops sending the remaining bytes, dbus-daemon will
wait forever and keep that file descriptor.
This patch adds pending_fd_timeout (milliseconds) in the configuration to
disconnect a connection after a timeout when a file descriptor was sent but not
the remaining message.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Conflicts:
cmake/bus/dbus-daemon.xml
-rw-r--r-- | bus/config-parser.c | 6 | ||||
-rw-r--r-- | bus/session.conf.in | 3 | ||||
-rw-r--r-- | dbus/dbus-message.c | 3 | ||||
-rw-r--r-- | dbus/dbus-sysdeps.h | 8 |
4 files changed, 15 insertions, 5 deletions
diff --git a/bus/config-parser.c b/bus/config-parser.c index e4a02628..cc29ef44 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -413,9 +413,9 @@ bus_config_parser_new (const DBusString *basedir, maximum number of file descriptors we can receive. Picking a high value here thus translates directly to more memory allocation. */ - parser->limits.max_incoming_unix_fds = 1024*4; - parser->limits.max_outgoing_unix_fds = 1024*4; - parser->limits.max_message_unix_fds = 1024; + parser->limits.max_incoming_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS*4; + parser->limits.max_outgoing_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS*4; + parser->limits.max_message_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS; /* Making this long means the user has to wait longer for an error * message if something screws up, but making it too short means diff --git a/bus/session.conf.in b/bus/session.conf.in index e121ff93..6ce8503a 100644 --- a/bus/session.conf.in +++ b/bus/session.conf.in @@ -49,7 +49,8 @@ <limit name="max_outgoing_bytes">1000000000</limit> <limit name="max_outgoing_unix_fds">250000000</limit> <limit name="max_message_size">1000000000</limit> - <limit name="max_message_unix_fds">4096</limit> + <!-- We do not override max_message_unix_fds here since the in-kernel + limit is also relatively low --> <limit name="service_start_timeout">120000</limit> <limit name="auth_timeout">240000</limit> <limit name="max_completed_connections">100000</limit> diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c index fc61ae71..b0c641ea 100644 --- a/dbus/dbus-message.c +++ b/dbus/dbus-message.c @@ -35,6 +35,7 @@ #include "dbus-list.h" #include "dbus-threads-internal.h" #ifdef HAVE_UNIX_FD_PASSING +#include "dbus-sysdeps.h" #include "dbus-sysdeps-unix.h" #endif @@ -3802,7 +3803,7 @@ _dbus_message_loader_new (void) SCM_RIGHTS works we need to preallocate an fd array of the maximum number of unix fds we want to receive in advance. A try-and-reallocate loop is not possible. */ - loader->max_message_unix_fds = 1024; + loader->max_message_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS; if (!_dbus_string_init (&loader->data)) { diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h index df4c5e00..64b63635 100644 --- a/dbus/dbus-sysdeps.h +++ b/dbus/dbus-sysdeps.h @@ -537,6 +537,14 @@ void _dbus_request_file_descriptor_limit (unsigned int limit); const char * _dbus_replace_install_prefix (const char *configure_time_path); +/* Do not set this too high: it is a denial-of-service risk. + * See <https://bugs.freedesktop.org/show_bug.cgi?id=82820> + * + * (This needs to be in the non-Unix-specific header so that + * the config-parser can use it.) + */ +#define DBUS_DEFAULT_MESSAGE_UNIX_FDS 16 + /** @} */ DBUS_END_DECLS |