From 32a011a72775d077fa7df3432dd1115906e62829 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 22 Jun 2017 12:50:48 +0100
Subject: [PATCH] bus/containers: Enforce max_connections_per_container

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 bus/containers.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/bus/containers.c b/bus/containers.c
index b7bd95d2..65af8430 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -471,6 +471,19 @@ new_connection_cb (DBusServer     *server,
                    void           *data)
 {
   BusContainerInstance *instance = data;
+  int limit = bus_context_get_max_connections_per_container (instance->context);
+
+  /* This is O(n), but we assume n is small in practice. */
+  if (_dbus_list_get_length (&instance->connections) >= limit)
+    {
+      /* We can't send this error to the new connection, so just log it */
+      bus_context_log (instance->context, DBUS_SYSTEM_LOG_WARNING,
+                       "Closing connection to container server "
+                       "%s (%s \"%s\") because it would exceed resource limit "
+                       "(max_connections_per_container=%d)",
+                       instance->path, instance->type, instance->name, limit);
+      return;
+    }
 
   if (!dbus_connection_set_data (new_connection, contained_data_slot,
                                  bus_container_instance_ref (instance),
-- 
2.13.2