review.tizen.org Git - platform/upstream/dbus.git/commit

config: add new limit: pending_fd_timeout

This is one of four commits needed to address CVE-2014-3637.

When a file descriptor is passed to dbus-daemon, the associated D-Bus message
might not be fully sent to dbus-daemon yet. Dbus-daemon keeps the file
descriptor in the DBusMessageLoader of the connection, waiting for the rest of
the message. If the client stops sending the remaining bytes, dbus-daemon will
wait forever and keep that file descriptor.

This patch adds pending_fd_timeout (milliseconds) in the configuration to
disconnect a connection after a timeout when a file descriptor was sent but not
the remaining message.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

author	Alban Crequy <alban.crequy@collabora.co.uk>
	Mon, 21 Jul 2014 16:34:08 +0000 (17:34 +0100)
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>
	Mon, 15 Sep 2014 11:29:30 +0000 (12:29 +0100)
commit	bbf11cd5f92064c7c8af61ad4d9ff41f3a039abc
tree	0af92fe58a66363f1c608d8e6f81f18a861a6970	tree \| snapshot
parent	8ad179a8dad789fc6a5402780044bc0ec3d41115	commit \| diff

bus/bus.c		diff \| blob \| history
bus/bus.h		diff \| blob \| history
bus/config-parser.c		diff \| blob \| history
bus/session.conf.in		diff \| blob \| history
doc/dbus-daemon.1.xml.in		diff \| blob \| history