Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
spice-vdagent.17026
Avoids-unlimited-agent-connections.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Avoids-unlimited-agent-connections.patch of Package spice-vdagent.17026
From e7cb988419bc4bba88083938a5d99e2b42d6034f Mon Sep 17 00:00:00 2001 From: Frediano Ziglio <freddy77@gmail.com> Date: Sun, 20 Sep 2020 08:05:37 +0100 Subject: [PATCH 15/20] Avoids unlimited agent connections Git-commit: 09ae6b76669dff47ec877c18f087c287c2e0e887 References: bsc#1173749 Limit the number of agents that can be connected. Avoids reaching the maximum number of files in a process. Beside one file descriptor per agent the daemon open just some other fixed number of files. This issue was reported by SUSE security team. Signed-off-by: Frediano Ziglio <freddy77@gmail.com> Signed-off-by: Bruce Rogers <brogers@suse.com> --- src/udscs.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/udscs.c b/src/udscs.c index f5dcc1b..4944948 100644 --- a/src/udscs.c +++ b/src/udscs.c @@ -30,6 +30,12 @@ #include "vdagentd-proto-strings.h" #include "vdagent-connection.h" +// Maximum number of connected agents. +// Avoid DoS from agents. +// As each connection end up taking a file descriptor is good to have a limit +// less than the number of file descriptors in the process (by default 1024). +#define MAX_CONNECTED_AGENTS 128 + struct udscs_connection { VDAgentConnection parent_instance; @@ -257,6 +263,12 @@ static gboolean udscs_server_accept_cb(GSocketService *service, struct udscs_server *server = user_data; struct udscs_connection *new_conn; + /* prevents DoS having too many agents attached */ + if (g_list_length(server->connections) >= MAX_CONNECTED_AGENTS) { + syslog(LOG_ERR, "Too many agents connected"); + return TRUE; + } + new_conn = g_object_new(UDSCS_TYPE_CONNECTION, NULL); new_conn->debug = server->debug; new_conn->read_callback = server->read_callback; -- 2.29.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor