1 files changed, 36 insertions, 0 deletions

diff --git a/debian/patches/0001-Log-to-syslog-when-auth_timeout-drops-an-incomplete-.patch b/debian/patches/0001-Log-to-syslog-when-auth_timeout-drops-an-incomplete-.patch
new file mode 100644
index 00000000..b2ae5e6e
--- /dev/null
+++ b/debian/patches/0001-Log-to-syslog-when-auth_timeout-drops-an-incomplete-.patch
@@ -0,0 +1,36 @@
+From 39f4b36ba546818a7dc00bfdcde9b21bb8abcaac Mon Sep 17 00:00:00 2001
+From: Simon McVittie <simon.mcvittie@collabora.co.uk>
+Date: Tue, 18 Nov 2014 12:01:44 +0000
+Subject: [PATCH 1/2] Log to syslog when auth_timeout drops an incomplete
+ connection
+
+This is a symptom of either a denial of service attack, or a
+serious performance problem. Either way, sysadmins should know.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86431
+---
+ bus/connection.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/bus/connection.c b/bus/connection.c
+index f9cc22d..920d454 100644
+--- a/bus/connection.c
++++ b/bus/connection.c
+@@ -860,6 +860,14 @@ bus_connections_expire_incomplete (BusConnections *connections)
+ 
+           if (elapsed >= (double) auth_timeout)
+             {
++              /* Unfortunately, we can't identify the connection: it doesn't
++               * have a unique name yet, we don't know its uid/pid yet,
++               * and so on. */
++              bus_context_log (connections->context, DBUS_SYSTEM_LOG_INFO,
++                  "Connection has not authenticated soon enough, closing it "
++                  "(auth_timeout=%dms, elapsed: %.0fms)",
++                  auth_timeout, elapsed);
++
+               _dbus_verbose ("Timing out authentication for connection %p\n", connection);
+               dbus_connection_close (connection);
+             }
+-- 
+2.1.3
+