dbus-cleanup-sockets can use a _lot_ of memory or crash when there is a *large* number of files in /tmp with a prefix "dbus-".
in dbus-cleanup-sockets.c if the system has sufficient memory and the filesystem permits creating enough files such that n_entries wraps around (becomes negative) then the 'while ((dent = readdir (dirh)))' loop will crash on the line "entries[n_entries] = se;"
A partial fix for this issue may look like the following:
read_sockets (const char *dir,
struct dirent *dent;
- int n_entries;
+ unsigned short int n_entries;
The structure of this tool seems rather crazy; instead of looping over readdir() and putting all the sockets in a list, then iterating through the list, it looks as though it'd make much more sense to loop over readdir() and do everything we'll ever do with the first socket before moving on to the second.
On Linux, this tool should never be needed, because D-Bus prefers to use abstract sockets (which don't exist in the filesystem and never need cleanup).
If someone who cares about non-Linux OSs with millions of concurrent D-Bus sessions wants to rewrite dbus-cleanup-sockets to have a more sensible structure, I wouldn't say no...
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/50.