Re: [PATCH] libteamdctl: validate the bus name before using it
Mon, Jul 04, 2022 at 06:13:25PM CEST, lucien.xin(a)gmail.com wrote:
On Mon, Jun 27, 2022 at 11:49 AM Jiri Pirko <jiri(a)resnulli.us>
wrote:
>
> Fri, Apr 15, 2022 at 05:41:39PM CEST, lucien.xin(a)gmail.com wrote:
> >Using bus name without validating it will cause core dump generated,
> >and it can be reproduced by:
> >
> > # ip link add dummy0.1 type dummy
> > # teamdctl dummy0.1 state dump
> >
> > This is normally a bug in some application using the D-Bus library.
> >
> > D-Bus not built with -rdynamic so unable to print a backtrace
> > Aborted (core dumped)
> >
> >Doing this many times can even create too many core files, customers
> >may complain about it.
> >
> >This is triggered when calling cli_method_call("ConfigDump") in
> >cli_init(), so fix it by returning err in cli->init/cli_dbus_init()
> >if the bus name fails to validate.
> >
> >Note this is safe, as with dbus, we can't use invalid dbus name to
> >create the team dev either.
> >
> >Fixes: d8163e34c25c ("libteamdctl: do test method call instead or Introspect
call")
> >Reported-by: Uday Patel <upatel(a)redhat.com>
> >Signed-off-by: Xin Long <lucien.xin(a)gmail.com>
>
> Applied, thanks!
But I don't see it on https://github.com/jpirko/libteam, and the
latest commit I saw was on Feb 22, 2021.
Can you please double-check it?
Indeed, I failed to push. Doing that now.
>
>Thanks.
>
>>
>> >---
>> > libteamdctl/cli_dbus.c | 7 ++++++-
>> > 1 file changed, 6 insertions(+), 1 deletion(-)
>> >
>> >diff --git a/libteamdctl/cli_dbus.c b/libteamdctl/cli_dbus.c
>> >index dfef5c4..242ef86 100644
>> >--- a/libteamdctl/cli_dbus.c
>> >+++ b/libteamdctl/cli_dbus.c
>> >@@ -183,12 +183,17 @@ static int cli_dbus_init(struct teamdctl *tdc, const
char *team_name, void *priv
>> > if (ret == -1)
>> > return -errno;
>> >
>> >+ err = -EINVAL;
>> > dbus_error_init(&error);
>> >+ if (!dbus_validate_bus_name(cli_dbus->service_name, &error)) {
>> >+ err(tdc, "dbus: Could not validate bus name: %s -
%s",
>> >+ error.name, error.message);
>> >+ goto free_service_name;
>> >+ }
>> > cli_dbus->conn = dbus_bus_get(DBUS_BUS_SYSTEM, &error);
>> > if (!cli_dbus->conn) {
>> > err(tdc, "dbus: Could not acquire the system bus: %s -
%s",
>> > error.name, error.message);
>> >- err = -EINVAL;
>> > goto free_service_name;
>> > }
>> > err = 0;
>> >--
>> >2.31.1
>> >