/* Anyone can call this method */
+ if (strv_length(states) > MANAGER_MAX_STATES_PER_CALL)
+ return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+ "Too many states in a single query.");
+
+ if (strv_length(patterns) > MANAGER_MAX_PATTERNS_PER_CALL)
+ return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+ "Too many patterns in a single query.");
+
r = sd_bus_message_new_method_return(message, &reply);
if (r < 0)
return r;
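Review bot: The rejection text in the added `sd_bus_error_set()` calls does not say what the limit is, so a legitimate client that trips it cannot tell how to split its query. Consider `sd_bus_error_setf(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many patterns in a single query (limit is %u).", MANAGER_MAX_PATTERNS_PER_CALL);` and the equivalent for states. The same checks are repeated verbatim in the two later hunks, so a small static helper taking `states`, `patterns` and `reterr_error` would keep the call sites from drifting apart. The enclosing function starts and ends outside the hunk, so where the two arrays are read from the message is not visible. Presumably they are already fully parsed by this point, in which case these bounds limit the matching work rather than the parse itself.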
assert(message);
+ if (strv_length(patterns) > MANAGER_MAX_PATTERNS_PER_CALL)
+ return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+ "Too many patterns in a single query.");
+
/* 'status' access is the bare minimum always needed for this, as the policy might straight out
* forbid a client from querying any information from systemd, regardless of any rate limiting. */
r = mac_selinux_access_check(message, "status", reterr_error);
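Review bot: The length check sits ahead of `mac_selinux_access_check()`, so an oversized request from a client that policy would deny gets LIMITS_EXCEEDED without the access check ever running. The existing comment directly below says the 'status' check is the bare minimum regardless of rate limiting. Running the policy check first and the bound second would keep that ordering, and would presumably keep the denial visible to whatever auditing the access check performs. The third hunk uses the same order (limits, then `mac_selinux_access_check()`). The function continues outside this hunk.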
/* Anyone can call this method */
+ if (strv_length(states) > MANAGER_MAX_STATES_PER_CALL)
+ return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+ "Too many states in a single query.");
+
+ if (strv_length(patterns) > MANAGER_MAX_PATTERNS_PER_CALL)
+ return sd_bus_error_set(reterr_error, SD_BUS_ERROR_LIMITS_EXCEEDED,
+ "Too many patterns in a single query.");
+
r = mac_selinux_access_check(message, "status", reterr_error);
if (r < 0)
return r;
struct libmnt_monitor;
-/* Enforce upper limit how many names we allow */
+/* Enforce upper limit on how many names we allow */
#define MANAGER_MAX_NAMES 131072 /* 128K */
+/* Enforce upper limit on the number of patterns/states requested over IPC */
+#define MANAGER_MAX_PATTERNS_PER_CALL 4096U
+#define MANAGER_MAX_STATES_PER_CALL 256U
+
/* On sigrtmin+18, private commands */
enum {
MANAGER_SIGNAL_COMMAND_DUMP_JOBS = _COMMON_SIGNAL_COMMAND_PRIVATE_BASE + 0,
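Review bot: The new comment above `MANAGER_MAX_PATTERNS_PER_CALL` does not say what happens when a limit is hit or why these values were chosen, and a later maintainer will need both before changing them. Something like `/* Upper bounds on the patterns/states arrays accepted per method call; larger requests are refused with SD_BUS_ERROR_LIMITS_EXCEEDED rather than truncated. */` would state the contract. The two new constants carry a `U` suffix while `MANAGER_MAX_NAMES` just above does not; that is harmless against the `size_t` from `strv_length()` but worth making consistent. The comment says "over IPC", while the only enforcement visible on this page is in the sd-bus handlers, so any other entry point that accepts patterns or states would need the same check.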