File hold-profile-hardening.patch of Package power-profiles-daemon

Index: power-profiles-daemon-0.30/src/power-profiles-daemon.c
===================================================================
--- power-profiles-daemon-0.30.orig/src/power-profiles-daemon.c
+++ power-profiles-daemon-0.30/src/power-profiles-daemon.c
@@ -830,6 +830,29 @@ holder_disappeared (GDBusConnection *con
   g_ptr_array_free (cookies, TRUE);
 }
 
+#define MAX_UNTRUSTED_STR_LEN 1024
+#define MAX_PROFILE_HOLDS 32
+
+static gboolean
+check_sane_string(const char *s)
+{
+  guint i;
+
+  for (i = 0; s[i] != 0; i++) {
+    gchar ch = s[i];
+
+    if (i > MAX_UNTRUSTED_STR_LEN)
+      return FALSE;
+
+    if (g_ascii_isalnum(ch) || g_ascii_isspace(ch))
+      continue;
+
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
 static void
 hold_profile (PpdApp                *data,
               GVariant              *parameters,
@@ -858,6 +881,18 @@ hold_profile (PpdApp                *dat
     return;
   }
 
+  if (!check_sane_string(reason) || !check_sane_string(application_id)) {
+    g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+                                           "Input strings are too long or contain invalid characters");
+    return;
+  }
+
+  if (g_hash_table_size(data->profile_holds) > MAX_PROFILE_HOLDS) {
+    g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_LIMITS_EXCEEDED,
+                                           "Too many profile holds already active");
+    return;
+  }
+
   hold = g_new0 (ProfileHold, 1);
   hold->profile = profile;
   hold->reason = g_strdup (reason);