From: Simon McVittie <smcv@collabora.com>
Date: Thu, 22 Jun 2017 11:50:48 +0000 (+0100)
Subject: bus/containers: Enforce max_connections_per_container
X-Git-Tag: dbus-1.13.0~57^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=62e8fd7a9c873f230a51a4e1c9b356f1de7b8867;p=thirdparty%2Fdbus.git

bus/containers: Enforce max_connections_per_container

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
---

diff --git a/bus/containers.c b/bus/containers.c
index 7aa3e2b7f..994f89b1a 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -474,6 +474,19 @@ new_connection_cb (DBusServer     *server,
                    void           *data)
 {
   BusContainerInstance *instance = data;
+  int limit = bus_context_get_max_connections_per_container (instance->context);
+
+  /* This is O(n), but we assume n is small in practice. */
+  if (_dbus_list_get_length (&instance->connections) >= limit)
+    {
+      /* We can't send this error to the new connection, so just log it */
+      bus_context_log (instance->context, DBUS_SYSTEM_LOG_WARNING,
+                       "Closing connection to container server "
+                       "%s (%s \"%s\") because it would exceed resource limit "
+                       "(max_connections_per_container=%d)",
+                       instance->path, instance->type, instance->name, limit);
+      return;
+    }
 
   if (!dbus_connection_set_data (new_connection, contained_data_slot,
                                  bus_container_instance_ref (instance),