assertion failed "i == real->len || !DBUS_IS_ASCII_WHITE (real->str[i])" file "../dbus/dbus-string.c" line 1881 function _dbus_string_skip_blank
I'm not sure whether this issue should be "confidential" or not but just in case I flipped the flag. Personally I don't think it's a vulnerability because it can be triggered with assertions enabled only and the assertion itself doesn't seem to be correct in the sense that it seems DBUS_IS_ASCII_BLANK should be used there instead of DBUS_IS_ASCII_WHITE.
printf '\0 \rT\r\n' | ncat -U /run/dbus/system_bus_socket
assertion failed "i == real->len || !DBUS_IS_ASCII_WHITE (real->str[i])" file "../dbus/dbus-string.c" line 1881 function _dbus_string_skip_blank
/root/dbus/build/bus/../dbus/libdbus-1.so.3(_dbus_print_backtrace+0x1f) [0x48bcc41]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(_dbus_abort+0xd) [0x48b60c9]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(_dbus_real_assert+0x4e) [0x48a9ce3]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(_dbus_string_skip_blank+0x285) [0x48b3611]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(+0x1c43c) [0x487043c]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(_dbus_auth_do_work+0x83) [0x4870a02]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(_dbus_transport_try_to_authenticate+0x9d) [0x48a42fd]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(+0x4d618) [0x48a1618]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(+0x4e1c7) [0x48a21c7]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(_dbus_transport_handle_watch+0xdb) [0x48a46b2]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(_dbus_connection_handle_watch+0xf2) [0x4875457]
/root/dbus/build/bus/../dbus/libdbus-1.so.3(dbus_watch_handle+0x164) [0x48a5ff5]
/root/dbus/build/bus/dbus-daemon(_dbus_loop_iterate+0x629) [0x144c8e]
/root/dbus/build/bus/dbus-daemon(_dbus_loop_run+0x76) [0x144e1d]
/root/dbus/build/bus/dbus-daemon(main+0xb4b) [0x119d2e]
/lib/x86_64-linux-gnu/libc.so.6(+0x2920a) [0x4a8720a]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x7c) [0x4a872bc]
/root/dbus/build/bus/dbus-daemon(_start+0x21) [0x118991]
==93640==
==93640== Process terminating with default action of signal 6 (SIGABRT): dumping core
==93640== at 0x4AE757C: __pthread_kill_implementation (pthread_kill.c:44)
==93640== by 0x4A9BA01: raise (raise.c:26)
==93640== by 0x4A86468: abort (abort.c:79)
==93640== by 0x48B6125: _dbus_abort (dbus-sysdeps.c:101)
==93640== by 0x48A9CE2: _dbus_real_assert (dbus-internals.c:1020)
==93640== by 0x48B3610: _dbus_string_skip_blank (dbus-string.c:1881)
==93640== by 0x487043B: process_command (dbus-auth.c:2297)
==93640== by 0x4870A01: _dbus_auth_do_work (dbus-auth.c:2559)
==93640== by 0x48A42FC: _dbus_transport_try_to_authenticate (dbus-transport.c:751)
==93640== by 0x48A1617: do_authentication (dbus-transport-socket.c:429)
==93640== by 0x48A21C6: socket_handle_watch (dbus-transport-socket.c:980)
==93640== by 0x48A46B1: _dbus_transport_handle_watch (dbus-transport.c:926)
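Added example (not part of the original report and not dbus source code): a small C model of the mismatch described above, where a skip loop stops at the first byte that is not a space or tab while the postcondition tests the wider whitespace class. The macro definitions (blank = space/tab, white = blank plus CR/LF), the loop's use of the blank class, the helper names and the sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Stand-ins for DBUS_IS_ASCII_BLANK / DBUS_IS_ASCII_WHITE.
 * Assumed definitions: blank = space or tab; white = blank plus CR and LF. */
#define IS_BLANK(c) ((c) == ' ' || (c) == '\t')
#define IS_WHITE(c) (IS_BLANK(c) || (c) == '\n' || (c) == '\r')

/* Hypothetical model of a skip-blank helper: advance past spaces and tabs
 * and return the index of the first byte that is not a blank. */
static size_t skip_blank(const char *s, size_t len, size_t start)
{
    size_t i = start;
    while (i < len && IS_BLANK(s[i]))
        ++i;
    return i;
}

/* Postcondition in the form quoted by the assertion message (WHITE). */
static int post_white_ok(const char *s, size_t len, size_t i)
{
    return i == len || !IS_WHITE(s[i]);
}

/* Postcondition the report suggests instead (BLANK). */
static int post_blank_ok(const char *s, size_t len, size_t i)
{
    return i == len || !IS_BLANK(s[i]);
}

int main(void)
{
    /* Constructed sample lines; the first mirrors the " \rT" bytes in the report. */
    static const struct { const char *s; size_t len; } lines[] = {
        { " \rT", 3 }, { " \tAUTH", 6 }, { "   ", 3 }, { "\nX", 2 },
    };
    for (size_t k = 0; k < sizeof lines / sizeof lines[0]; ++k) {
        size_t i = skip_blank(lines[k].s, lines[k].len, 0);
        printf("line %zu: stop=%zu white-check=%s blank-check=%s\n", k, i,
               post_white_ok(lines[k].s, lines[k].len, i) ? "holds" : "FAILS",
               post_blank_ok(lines[k].s, lines[k].len, i) ? "holds" : "FAILS");
    }
    return 0;
}
```

In this model the WHITE postcondition fails whenever the first non-blank byte is a CR or LF, while the BLANK postcondition holds for every input because it restates the loop's own exit condition.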