Description of problem: Taking a closer look at the recent CVE-2019-6454 I was sending D-Bus messages with large path strings to PID 1. While the patched package doesn't seem to crash anymore it seems to leak the memory associated with the messages. Version-Release number of selected component (if applicable): systemd-239-12.git8bca462.fc29 How reproducible: Always Steps to Reproduce: 1. Check PID1's memory usage: grep -i Rss /proc/1/status VmRSS: 7960 kB RssAnon: 4296 kB RssFile: 3664 kB RssShmem: 0 kB 2. Send invalid messages to PID1: for i in `seq 1 10`; do gdbus call -y -d org.freedesktop.systemd1 -m org.freedesktop.systemd1.Manager.StartUnit -o "/$(for x in `seq 0 28000`; do echo -n $x; done)"; done Note that this takes some time as gdbus waits for a reply. This makes each message at least ~128KiB large due to the path string. 3.Check PID1's memory usage: grep -i Rss /proc/1/status VmRSS: 10600 kB RssAnon: 6936 kB RssFile: 3664 kB RssShmem: 0 kB Actual results: PID 1 drops the invalid D-Bus message, but doesn't seem to release all associated ressources. Expected results: PID 1 drops the invalid D-Bus message and releases all associated ressources. Additional info: PID1 nicely logs that it drops the messages if log level is set to 'debug': systemd[1]: Received invalid message from connection bus-api-system, dropping.
Improved (re-)producer: for i in `seq 1 30`; do gdbus call -y -d org.freedesktop.systemd1 -m org.freedesktop.systemd1.Manager.StartUnit -o "/$(for x in `seq 0 28000`; do echo -n $x; done)" & done This adds several megabytes to the equation at once: # grep -i Rss /proc/1/status VmRSS: 67272 kB RssAnon: 63424 kB RssFile: 3848 kB RssShmem: 0 kB # grep -i Rss /proc/1/status VmRSS: 74664 kB RssAnon: 70816 kB RssFile: 3848 kB RssShmem: 0 kB
grub2-2.02-75.fc30 systemd-241-4.gitcbf14c9.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-616045ca76
grub2-2.02-75.fc30, systemd-241-4.gitcbf14c9.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-616045ca76
Gave a +1 on Bodhi as the leak seems to gone with the systemd-241-4.gitcbf14c9.fc30. :)
grub2-2.02-75.fc30, systemd-241-4.gitcbf14c9.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.