From: Luca Boccassi <bluca@debian.org>
Date: Sat, 9 Dec 2023 12:09:42 +0000 (+0000)
Subject: journal-remote: set upper length bound when parsing incoming headers
X-Git-Tag: v256-rc1~1541^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5572e9d82ffe2feef14d579eeedec8a86811e71c;p=thirdparty%2Fsystemd.git

journal-remote: set upper length bound when parsing incoming headers

CID#1529420
---

diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 9f0d0ec34af..ad1c46ac6ca 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -22,6 +22,7 @@
 #include "fileio.h"
 #include "glob-util.h"
 #include "hostname-util.h"
+#include "journal-remote.h"
 #include "log.h"
 #include "logs-show.h"
 #include "main-func.h"
@@ -431,6 +432,11 @@ static int request_parse_range(
         if (!range)
                 return 0;
 
+        /* Safety upper bound to make Coverity happy. Apache2 has a default limit of 8KB:
+         * https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize */
+        if (strlen(range) > JOURNAL_SERVER_MEMORY_MAX)
+                return -EINVAL;
+
         m->n_skip = 0;
         range_after_eq = startswith(range, "entries=");
         if (range_after_eq) {
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index da0f20d3ce0..6c09c068c80 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -374,7 +374,7 @@ static int setup_microhttpd_server(RemoteServer *s,
                 { MHD_OPTION_EXTERNAL_LOGGER, (intptr_t) microhttpd_logger},
                 { MHD_OPTION_NOTIFY_COMPLETED, (intptr_t) request_meta_free},
                 { MHD_OPTION_LISTEN_SOCKET, fd},
-                { MHD_OPTION_CONNECTION_MEMORY_LIMIT, 128*1024},
+                { MHD_OPTION_CONNECTION_MEMORY_LIMIT, JOURNAL_SERVER_MEMORY_MAX},
                 { MHD_OPTION_END},
                 { MHD_OPTION_END},
                 { MHD_OPTION_END},
diff --git a/src/journal-remote/journal-remote.h b/src/journal-remote/journal-remote.h
index 8d73f95dc9c..1c0cde4db34 100644
--- a/src/journal-remote/journal-remote.h
+++ b/src/journal-remote/journal-remote.h
@@ -48,6 +48,9 @@ struct RemoteServer {
 };
 extern RemoteServer *journal_remote_server_global;
 
+/* Used for MHD_OPTION_CONNECTION_MEMORY_LIMIT and header parsing cap */
+#define JOURNAL_SERVER_MEMORY_MAX 128U * 1024U
+
 int journal_remote_server_init(
                 RemoteServer *s,
                 const char *output,