From 6060aaa0ea1e9bbe1dd7a1864c8df52e333a45ee Mon Sep 17 00:00:00 2001 From: Alban Crequy <alban.crequy@collabora.co.uk> Date: Thu, 10 Jul 2014 15:08:06 +0100 Subject: [PATCH 01/10] system bus limit: use max_replies_per_connection=128 by default This addresses CVE-2014-3638. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=81053 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> (cherry picked from commit 5bc7f9519ebc6117ba300c704794b36b87c2194b) --- bus/config-parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bus/config-parser.c b/bus/config-parser.c index 07e8fbb..e4a0262 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -456,7 +456,7 @@ bus_config_parser_new (const DBusString *basedir, /* this is effectively a limit on message queue size for messages * that require a reply */ - parser->limits.max_replies_per_connection = 1024*8; + parser->limits.max_replies_per_connection = 128; } parser->refcount = 1; -- 2.1.0