dbus-marshal-validate: Validate length of arrays of fixed-length items (079bbf16) · Commits · dbus / dbus · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

Commit 079bbf16 authored Sep 12, 2022 by

Simon McVittie

dbus-marshal-validate: Validate length of arrays of fixed-length items

This fast-path previously did not check that the array was made up
of an integer number of items. This could lead to assertion failures
and out-of-bounds accesses during subsequent message processing (which
assumes that the message has already been validated), particularly after
the addition of _dbus_header_remove_unknown_fields(), which makes it
more likely that dbus-daemon will apply non-trivial edits to messages.

Thanks: Evgeny Vereshchagin
Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays"
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
Resolves: CVE-2022

-42011
Signed-off-by: Simon McVittie <smcv@collabora.com>

parent 67800ac5

Hide whitespace changes

Inline Side-by-side

Simon McVittie @smcv
mentioned in commit 3b8a7aff
· Oct 05, 2022

mentioned in commit 3b8a7aff

mentioned in commit 3b8a7aff228770f4f7b478db606b10cceacea875

Toggle commit list
Simon McVittie @smcv
mentioned in commit b9e6a752
· Oct 05, 2022

mentioned in commit b9e6a752

mentioned in commit b9e6a7523085a2cfceaffca7ba1ab4251f12a984

Toggle commit list

Please register or to comment