From bbf11cd5f92064c7c8af61ad4d9ff41f3a039abc Mon Sep 17 00:00:00 2001 From: Alban Crequy Date: Mon, 21 Jul 2014 17:34:08 +0100 Subject: config: add new limit: pending_fd_timeout This is one of four commits needed to address CVE-2014-3637. When a file descriptor is passed to dbus-daemon, the associated D-Bus message might not be fully sent to dbus-daemon yet. Dbus-daemon keeps the file descriptor in the DBusMessageLoader of the connection, waiting for the rest of the message. If the client stops sending the remaining bytes, dbus-daemon will wait forever and keep that file descriptor. This patch adds pending_fd_timeout (milliseconds) in the configuration to disconnect a connection after a timeout when a file descriptor was sent but not the remaining message. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559 Reviewed-by: Simon McVittie --- bus/bus.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'bus/bus.c') diff --git a/bus/bus.c b/bus/bus.c index a3dce244..35d40754 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -1240,6 +1240,12 @@ bus_context_get_auth_timeout (BusContext *context) return context->limits.auth_timeout; } +int +bus_context_get_pending_fd_timeout (BusContext *context) +{ + return context->limits.pending_fd_timeout; +} + int bus_context_get_max_completed_connections (BusContext *context) { -- cgit v1.2.3
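
Review bot: bus_context_get_pending_fd_timeout() in bus/bus.c returns a bare int with no comment giving its unit or valid range. The commit message says the limit is in milliseconds, so a one-line comment above the getter stating that would keep callers from treating the value as seconds. The return type is signed and this hunk shows no range check, so confirm in the config parsing and in the caller (neither is visible in this bus/bus.c-only view) that a zero or negative pending_fd_timeout cannot become either an immediate disconnect or no timeout at all. The second case would leave the passed file descriptor held indefinitely, which is the condition this commit is meant to end.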