From b84e80943701a6ddd6f9cd7c63c96606d5221f66 Mon Sep 17 00:00:00 2001
From: Lukasz Skalski <l.skalski@samsung.com>
Date: Tue, 5 May 2015 11:38:18 +0000
Subject: [PATCH] [kdbus] Check max message size before appending bloom item

---
 gio/gdbusconnection.c |  5 +++--
 gio/gkdbus.c          | 16 +++++++++++-----
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
index 065af0d..5e1f0a1 100644
--- a/gio/gdbusconnection.c
+++ b/gio/gdbusconnection.c
@@ -3002,7 +3002,7 @@ get_offered_capabilities_max (GDBusConnection *connection)
       GDBusCapabilityFlags ret;
       ret = G_DBUS_CAPABILITY_FLAGS_NONE;
 #ifdef G_OS_UNIX
-      //if (G_IS_UNIX_CONNECTION (connection->stream))
+      if (G_IS_UNIX_CONNECTION (connection->stream))
         ret |= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
 #endif
       return ret;
@@ -3089,9 +3089,10 @@ initable_init (GInitable     *initable,
       g_assert_not_reached ();
     }
 
-  /* [KDBUS] Skip authentication process for kdbus transport */
+  /* Skip authentication process for kdbus transport */
   if (connection->kdbus_worker)
     {
+      /* kdbus connection always supports exchanging UNIX file descriptors with the remote peer */
       connection->capabilities |= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
       goto authenticated;
     }
diff --git a/gio/gkdbus.c b/gio/gkdbus.c
index 499c846..ea533e6 100644
--- a/gio/gkdbus.c
+++ b/gio/gkdbus.c
@@ -554,7 +554,6 @@ g_kdbus_worker_init (GKDBusWorker *kdbus)
 
   kdbus->kdbus_buffer = NULL;
 
-  //kdbus->flags = 0; /* KDBUS_HELLO_ACCEPT_FD */
   kdbus->flags = KDBUS_HELLO_ACCEPT_FD;
   kdbus->attach_flags_send = _KDBUS_ATTACH_ALL;
   kdbus->attach_flags_recv = _KDBUS_ATTACH_ALL;
@@ -2298,15 +2297,20 @@ g_kdbus_msg_append_bloom (struct kdbus_msg *msg,
                           gsize             size)
 {
   struct kdbus_item *bloom_item;
+  gsize bloom_item_size;
+
+  bloom_item_size = G_STRUCT_OFFSET (struct kdbus_item, bloom_filter) +
+                    G_STRUCT_OFFSET (struct kdbus_bloom_filter, data) +
+                    size;
+  if (msg->size + bloom_item_size > KDBUS_MSG_MAX_SIZE)
+    return NULL;
 
   /* align */
   msg->size += (-msg->size) & 7;
   bloom_item = (struct kdbus_item *) ((guchar *) msg + msg->size);
 
   /* set size and type */
-  bloom_item->size = G_STRUCT_OFFSET (struct kdbus_item, bloom_filter) +
-                     G_STRUCT_OFFSET (struct kdbus_bloom_filter, data) +
-                     size;
+  bloom_item->size = bloom_item_size;
   bloom_item->type = KDBUS_ITEM_BLOOM_FILTER;
 
   msg->size += bloom_item->size;
@@ -2622,13 +2626,15 @@ _g_kdbus_send (GKDBusWorker        *kdbus,
     msg->flags |= KDBUS_MSG_SIGNAL;
 
   /*
-   *
+   * append bloom filter item for broadcast signals
    */
   if (msg->dst_id == KDBUS_DST_ID_BROADCAST)
     {
       struct kdbus_bloom_filter *bloom_filter;
 
       bloom_filter = g_kdbus_msg_append_bloom (msg, kdbus->bloom_size);
+      if (bloom_filter == NULL)
+        goto need_compact;
       g_kdbus_setup_bloom (kdbus, message, bloom_filter);
     }
 
-- 
2.7.4