dbus-marshal-validate: Check brackets in signature nest correctly (9d07424e) · Commits · dbus / dbus · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

Commit 9d07424e authored Sep 13, 2022 by

Simon McVittie

dbus-marshal-validate: Check brackets in signature nest correctly

In debug builds with assertions enabled, a signature with incorrectly
nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
in an assertion failure.

In production builds without assertions enabled, a signature with
incorrectly nested `()` and `{}` could potentially result in a crash
or incorrect message parsing, although we do not have a concrete example
of either of these failure modes.

Thanks: Evgeny Vereshchagin
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
Resolves: CVE-2022

-42010
Signed-off-by: Simon McVittie <smcv@collabora.com>

parent 1ecbbc37

Hide whitespace changes

Inline Side-by-side

Simon McVittie @smcv
mentioned in commit 8f382ee4
· Oct 05, 2022

mentioned in commit 8f382ee4

mentioned in commit 8f382ee405ec68850866298ba0574f12e261a6fa

Toggle commit list
Simon McVittie @smcv
mentioned in commit 3e53a785
· Oct 05, 2022

mentioned in commit 3e53a785

mentioned in commit 3e53a785dee8d1432156188a2c4260e4cbc78c4d

Toggle commit list

Please register or to comment