From 61526b545639699c293a1bd1cde9286f68c4631e Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 22 Jun 2017 12:19:51 +0100
Subject: [PATCH 44/49] bus/containers: Limit the size of metadata we will
 store

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 bus/containers.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/bus/containers.c b/bus/containers.c
index 0aeda633..9eb1ed3f 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -568,6 +568,8 @@ bus_containers_handle_add_container_server (DBusConnection *connection,
   DBusAddressEntry **entries = NULL;
   int n_entries;
   DBusMessage *reply = NULL;
+  int metadata_size;
+  int limit;
 
   context = bus_transaction_get_context (transaction);
   containers = bus_context_get_containers (context);
@@ -642,6 +644,34 @@ bus_containers_handle_add_container_server (DBusConnection *connection,
   _dbus_assert (strcmp (_dbus_variant_get_signature (instance->metadata),
                         "a{sv}") == 0);
 
+  /* For simplicity we don't count the size of the BusContainerInstance
+   * itself, the object path, lengths, the non-payload parts of the DBusString,
+   * NUL terminators and so on. That overhead is O(1) and relatively small.
+   * This cannot overflow because all parts came from a message, and messages
+   * are constrained to be orders of magnitude smaller than the maximum
+   * int value. */
+  metadata_size = _dbus_variant_get_length (instance->metadata) +
+                  (int) strlen (type) +
+                  (int) strlen (name);
+  limit = bus_context_get_max_container_metadata_bytes (context);
+
+  if (metadata_size > limit)
+    {
+      DBusError local_error = DBUS_ERROR_INIT;
+
+      dbus_set_error (&local_error, DBUS_ERROR_LIMITS_EXCEEDED,
+                      "Connection \"%s\" (%s) is not allowed to set "
+                      "%d bytes of container metadata "
+                      "(max_container_metadata_bytes=%d)",
+                      bus_connection_get_name (connection),
+                      bus_connection_get_loginfo (connection),
+                      metadata_size, limit);
+      bus_context_log_literal (context, DBUS_SYSTEM_LOG_WARNING,
+                               local_error.message);
+      dbus_move_error (&local_error, error);
+      goto fail;
+    }
+
   /* Argument 3: Named parameters */
   if (!dbus_message_iter_next (&iter))
     _dbus_assert_not_reached ("Message type was already checked");
-- 
2.11.0