File 0001-CVE-2020-25652-Avoids-unlimited-agent-conn... of Package spice-vdagent

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-CVE-2020-25652-Avoids-unlimited-agent-connections.patch of Package spice-vdagent

Subject: Avoids unlimited agent connections
From: Frediano Ziglio freddy77@gmail.com Sun Sep 20 08:05:37 2020 +0100
Date: Thu Oct 29 14:59:18 2020 +0000:
Git: 91caa9223857708475d29df1768208fed1675340

Limit the number of agents that can be connected.
Avoids reaching the maximum number of files in a process.
Beside one file descriptor per agent the daemon open just some
other fixed number of files.

This issue was reported by SUSE security team.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>

Index: spice-vdagent-0.16.0/src/udscs.c
===================================================================
--- spice-vdagent-0.16.0.orig/src/udscs.c
+++ spice-vdagent-0.16.0/src/udscs.c
@@ -33,6 +33,12 @@
 #include <sys/un.h>
 #include "udscs.h"
 
+// Maximum number of connected agents.
+// Avoid DoS from agents.
+// As each connection end up taking a file descriptor is good to have a limit
+// less than the number of file descriptors in the process (by default 1024).
+#define MAX_CONNECTED_AGENTS 128
+
 struct udscs_buf {
     uint8_t *buf;
     size_t pos;
@@ -270,7 +276,18 @@ static void udscs_server_accept(struct u
     struct udscs_connection *new_conn, *conn;
     struct sockaddr_un address;
     socklen_t length = sizeof(address);
-    int r, fd;
+    int c, r, fd;
+
+    /* prevents DoS having too many agents attached */
+    c = 0;
+    conn = &server->connections_head;
+    while (conn->next) {
+        conn = conn->next;
+        if (++c >= MAX_CONNECTED_AGENTS) {
+            syslog(LOG_ERR, "Too many agents connected");
+            return;
+        }
+    }
 
     fd = accept(server->fd, (struct sockaddr *)&address, &length);
     if (fd == -1) {

Places

File 0001-CVE-2020-25652-Avoids-unlimited-agent-connections.patch of Package spice-vdagent

Places