From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 30 Apr 2026 09:59:26 +0000 (+0200)
Subject: dbus-manager: limit the number of states/patterns per query
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb357bfff8685c10e7b1f6365b3a80cd792f0336;p=thirdparty%2Fsystemd.git

dbus-manager: limit the number of states/patterns per query

Let's cap the number of states/patterns per query to something
reasonable, i.e. max 256 states and 4K patterns per query.
---

diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 076a26c6fd1..37b38c6ae9e 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1251,6 +1251,14 @@ static int list_units_filtered(sd_bus_message *message, void *userdata, sd_bus_e
 
         /* Anyone can call this method */
 
+        if (strv_length(states) > MANAGER_MAX_STATES_PER_CALL)
+                return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+                                        "Too many states in a single query.");
+
+        if (strv_length(patterns) > MANAGER_MAX_PATTERNS_PER_CALL)
+                return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+                                        "Too many patterns in a single query.");
+
         r = sd_bus_message_new_method_return(message, &reply);
         if (r < 0)
                 return r;
@@ -1434,6 +1442,10 @@ static int dump_impl(
 
         assert(message);
 
+        if (strv_length(patterns) > MANAGER_MAX_PATTERNS_PER_CALL)
+                return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+                                        "Too many patterns in a single query.");
+
         /* 'status' access is the bare minimum always needed for this, as the policy might straight out
          * forbid a client from querying any information from systemd, regardless of any rate limiting. */
         r = mac_selinux_access_check(message, "status", reterr_error);
@@ -2177,6 +2189,14 @@ static int list_unit_files_by_patterns(sd_bus_message *message, void *userdata,
 
         /* Anyone can call this method */
 
+        if (strv_length(states) > MANAGER_MAX_STATES_PER_CALL)
+                return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+                                        "Too many states in a single query.");
+
+        if (strv_length(patterns) > MANAGER_MAX_PATTERNS_PER_CALL)
+                return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+                                        "Too many patterns in a single query.");
+
         r = mac_selinux_access_check(message, "status", reterr_error);
         if (r < 0)
                 return r;
diff --git a/src/core/manager.h b/src/core/manager.h
index 7d58c330a1b..3bb1a0154a3 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -14,9 +14,13 @@
 
 struct libmnt_monitor;
 
-/* Enforce upper limit how many names we allow */
+/* Enforce upper limit on how many names we allow */
 #define MANAGER_MAX_NAMES 131072 /* 128K */
 
+/* Enforce upper limit on the number of patterns/states requested over IPC */
+#define MANAGER_MAX_PATTERNS_PER_CALL 4096U
+#define MANAGER_MAX_STATES_PER_CALL 256U
+
 /* On sigrtmin+18, private commands */
 enum {
         MANAGER_SIGNAL_COMMAND_DUMP_JOBS = _COMMON_SIGNAL_COMMAND_PRIVATE_BASE + 0,