raster pushed a commit to branch master.

http://git.enlightenment.org/core/enlightenment.git/commit/?id=255d227ac8a2e6f8b7c890cf2900a4f2616c6719

commit 255d227ac8a2e6f8b7c890cf2900a4f2616c6719
Author: Carsten Haitzler (Rasterman) <ras...@rasterman.com>
Date:   Tue Nov 24 22:06:54 2015 +0900

    e - efm - rate limit dbus requests to open dirs or files to avoid dos
    
    in a wayland world we don't want to trust clients on the other side of a
    dbus connection - so rate limit what you can do with efm dbus requests
    
    @fix
---
 src/modules/fileman/e_mod_dbus.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/modules/fileman/e_mod_dbus.c b/src/modules/fileman/e_mod_dbus.c
index 93a8a7d..2f291c0 100644
--- a/src/modules/fileman/e_mod_dbus.c
+++ b/src/modules/fileman/e_mod_dbus.c
@@ -56,6 +56,21 @@ _e_fileman_dbus_daemon_free(E_Fileman_DBus_Daemon *d)
    free(d);
 }
 
+static Eina_Bool
+_e_fileman_dbus_call_rate_limit(void)
+{
+   static double last_call = 0.0;
+   static unsigned long long last_calls = 0;
+   double t = ecore_time_get();
+
+   if ((t - last_call) < 0.5) last_calls++;
+   else last_calls = 0;
+   last_call = t;
+   // if we get more than 10 requests over 0.5 sec - rate limit
+   if (last_calls > 10) return EINA_TRUE;
+   return EINA_FALSE;
+}
+
 static Eldbus_Message *
 _e_fileman_dbus_daemon_open_directory_cb(const Eldbus_Service_Interface *iface 
EINA_UNUSED,
                                          const Eldbus_Message *msg)
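Review bot: The counter in `_e_fileman_dbus_call_rate_limit` tracks the gap between consecutive calls rather than the number of calls inside a 0.5 sec window, so the comment above the `last_calls > 10` check does not describe what the code does. Because `last_call` is refreshed on throttled calls as well, the limit stays in force until a gap of at least 0.5 sec occurs, and a steady run of calls spaced just under 0.5 sec apart trips it even though it spans several seconds. The state is also a single pair of statics shared by every sender and by both callbacks, so one noisy client throttles requests from all the others; keying the limit on the sender would need the message passed into the helper. At minimum I would reword the comment to `// throttle once more than 10 calls in a row arrive < 0.5 sec apart; any 0.5 sec gap resets the count`.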
@@ -64,6 +79,12 @@ _e_fileman_dbus_daemon_open_directory_cb(const 
Eldbus_Service_Interface *iface E
    char *dev, *to_free = NULL;
    E_Zone *zone;
 
+
+   if (_e_fileman_dbus_call_rate_limit())
+     {
+        fprintf(stderr, "EFM remote call rate limiting to avoid DOS attacks");
+        return eldbus_message_method_return_new(msg);
+     }
    if (!eldbus_message_arguments_get(msg, "s", &directory))
      {
         fprintf(stderr, "Error: getting arguments of OpenDirectory call.\n");
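Review bot: The throttled branch writes to stderr on every rejected call and its message has no trailing newline, unlike the `fprintf` just below it, so a flood produces one run-together log entry per request and the logging cost scales with the very traffic being limited. I would add the newline, `fprintf(stderr, "EFM remote call rate limiting to avoid DOS attacks\n");`, and log only when throttling starts rather than on each call. The branch also answers with a plain `eldbus_message_method_return_new(msg)`, so a caller cannot tell a dropped request from a handled one; an error reply may be worth considering if callers need that distinction. The same block is repeated in `_e_fileman_dbus_daemon_open_file_cb` in the next hunk, and both function bodies continue outside the hunks.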
@@ -159,6 +180,11 @@ _e_fileman_dbus_daemon_open_file_cb(const 
Eldbus_Service_Interface *iface EINA_U
    char *real_file, *to_free = NULL;
    E_Zone *zone;
 
+   if (_e_fileman_dbus_call_rate_limit())
+     {
+        fprintf(stderr, "EFM remote call rate limiting to avoid DOS attacks");
+        return eldbus_message_method_return_new(msg);
+     }
    if (!eldbus_message_arguments_get(msg, "s", &param_file))
      {
         fprintf(stderr, "ERROR: getting arguments of OpenFile call.\n");

-- 

