git.ipfire.org Git - thirdparty/systemd.git/commit
journald: set a limit on the number of fields (1k)
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 5 Dec 2018 21:45:02 +0000 (22:45 +0100)
committer: Lukáš Nykrýn <lnykryn@redhat.com>
Mon, 11 Feb 2019 09:51:14 +0000 (10:51 +0100)
commit: 9f53d3cded6cf7eccb40c810dfb8fd6e101c7a3b
tree: 0d5a7c304a5b48b191939d987a24afcf66ebedc8
parent: d355618518f26bd045df81a52dade79ac3079f3f
journald: set a limit on the number of fields (1k)

We allocate an iovec entry for each field, so with many short entries,
our memory usage and processing time can be large, even with a relatively
small message size. Let's refuse overly long entries.

CVE-2018-16865
https://bugzilla.redhat.com/show_bug.cgi?id=1653861

From what I can see, the problem is not from an alloca, despite what the CVE
description says, but from the attack multiplication that comes from creating
many very small iovecs: (void* + size_t) for each three bytes of input message.

(cherry-picked from commit 052c57f132f04a3cf4148f87561618da1a6908b4)

Resolves: #1664977
src/journal/journal-file.h
src/journal/journald-native.c
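
The per-field accounting the commit message describes, as an added example (not code from this commit or from systemd): a splitter for the simple newline-delimited `NAME=value` form only, which fills one iovec per field and refuses the whole entry past a 1k field cap. `FIELD_COUNT_MAX`, `split_fields` and `iovec_bytes_for` are hypothetical names, and the sample message is constructed.

```c
/* Added illustration, not systemd code; all names here are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>

#define FIELD_COUNT_MAX 1024  /* the "1k" from the commit subject */

/* Split "NAME=value\n..." into one iovec per field (text form only).
 * Returns the field count, or -1 when the entry needs more than
 * FIELD_COUNT_MAX (or cap) iovecs, so the whole entry is refused. */
static int split_fields(const char *buf, size_t len, struct iovec *iov, size_t cap) {
    const char *p = buf, *end = buf + len;
    size_t n = 0;

    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        const char *stop = nl ? nl : end;

        if (stop > p) {                      /* ignore empty lines */
            if (n >= FIELD_COUNT_MAX || n >= cap)
                return -1;
            iov[n].iov_base = (void *)p;
            iov[n].iov_len = (size_t)(stop - p);
            n++;
        }
        p = nl ? nl + 1 : end;
    }
    return (int)n;
}

/* iovec bookkeeping (void* + size_t per field) for a message of msg_len
 * bytes whose fields each occupy bytes_per_field bytes, newline included. */
static size_t iovec_bytes_for(size_t msg_len, size_t bytes_per_field) {
    return msg_len / bytes_per_field * sizeof(struct iovec);
}

int main(void) {
    const char msg[] = "MESSAGE=hello\nPRIORITY=6\n";  /* constructed sample */
    struct iovec iov[8];

    printf("fields: %d\n", split_fields(msg, sizeof msg - 1, iov, 8));
    printf("iovec bytes for 3000 bytes of 3-byte fields: %zu\n",
           iovec_bytes_for(3000, 3));
    return 0;
}
```

The cap is checked before each iovec slot is written, so an entry is refused at field 1025 regardless of how small the message is in bytes.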