journal-remote: set a limit on the number of fields in a message

Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
reused for the new error condition (too many fields).

This matches the change done for systemd-journald, hence forming the second
part of the fix for CVE-2018-16865
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).

diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index 8543dbac397ff7fa06bbf4a665b16e81ce5b744c..802c3ea6089a88018f2066e919d14e3d35f588bb 100644 (file)
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -222,9 +222,12 @@ static int process_http_upload(
                 if (r == -EAGAIN)
                         break;
                 if (r < 0) {
-                        if (r == -E2BIG)
-                                log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
+                        if (r == -ENOBUFS)
+                                log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.",
                                                   DATA_SIZE_MAX, connection);
+                        else if (r == -E2BIG)
+                                log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.",
+                                                  ENTRY_FIELD_COUNT_MAX, connection);
                         else
                                 log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
                                                   connection);

diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 3c0916c4383236611dc037d77e1f98fa2f865f60..1da32c5f85615300eb380e7ce18190e743510111 100644 (file)
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -407,6 +407,9 @@ int journal_remote_handle_raw_source(
                 log_debug("%zu active sources remaining", s->active);
                 return 0;
         } else if (r == -E2BIG) {
+                log_notice("Entry with too many fields, skipped");
+                return 1;
+        } else if (r == -ENOBUFS) {
                 log_notice("Entry too big, skipped");
                 return 1;
         } else if (r == -EAGAIN) {

diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c
index b0e619205d15cf8e3d0d6e828817983ee1ceaca9..8638cd3cc98b07df2196b9dbfa7a1cd0d7acf87d 100644 (file)
--- a/src/shared/journal-importer.c
+++ b/src/shared/journal-importer.c
@@ -23,6 +23,9 @@ enum {
 };
 
 static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
+        if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
+                return -E2BIG;
+
         if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
                 return log_oom();
 
@@ -97,7 +100,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) {
 
                 imp->scanned = imp->filled;
                 if (imp->scanned >= DATA_SIZE_MAX)
-                        return log_error_errno(SYNTHETIC_ERRNO(E2BIG),
+                        return log_error_errno(SYNTHETIC_ERRNO(ENOBUFS),
                                                "Entry is bigger than %u bytes.",
                                                DATA_SIZE_MAX);