dbus-marshal-validate: Validate length of arrays of fixed-length items 35/288635/1
author Simon McVittie <smcv@collabora.com>
Mon, 12 Sep 2022 12:14:18 +0000 (13:14 +0100)
committer Unsung Lee <unsung.lee@samsung.com>
Tue, 21 Feb 2023 01:53:04 +0000 (10:53 +0900)
commit 71daa811a411b9eec23ffed38551cb4f574d53e5
tree 14fcf7629b5ae04c9aa1dcca09d889ca17c4d6eb
parent f3bcc8508e36c13144c5122bf433a43c31c969eb
dbus-marshal-validate: Validate length of arrays of fixed-length items

This fast-path previously did not check that the array was made up
of an integer number of items. This could lead to assertion failures
and out-of-bounds accesses during subsequent message processing (which
assumes that the message has already been validated), particularly after
the addition of _dbus_header_remove_unknown_fields(), which makes it
more likely that dbus-daemon will apply non-trivial edits to messages.

Thanks: Evgeny Vereshchagin
Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays"
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
Resolves: CVE-2022-42011
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 079bbf16186e87fb0157adf8951f19864bc2ed69)
(cherry picked from commit b9e6a7523085a2cfceaffca7ba1ab4251f12a984)
Signed-off-by: Unsung Lee <unsung.lee@samsung.com>
Change-Id: Idfe8cead0721c414f1e6946a5dc0544bad63d42e
dbus/dbus-marshal-validate.c
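
The check the commit message describes, as an added example that is not the dbus project's code: a validator for a marshalled array of fixed-length items that rejects a byte length which is not a whole number of items. The function names, result codes and sample buffers are hypothetical; it assumes little-endian data and that offset 0 is the start of the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example, not dbus's own. */
enum arr_check { ARR_OK, ARR_NOT_FIXED, ARR_TRUNCATED, ARR_TOO_LONG, ARR_BAD_LENGTH };
#define MAX_ARRAY_BYTES (1u << 26) /* 64 MiB array limit in the D-Bus specification */

/* Wire size of a fixed-length D-Bus type code (equal to its alignment), 0 otherwise. */
static size_t fixed_item_size(char type)
{
    switch (type) {
    case 'y': return 1;                               /* BYTE */
    case 'n': case 'q': return 2;                     /* INT16, UINT16 */
    case 'b': case 'i': case 'u': case 'h': return 4; /* BOOLEAN, INT32, UINT32, UNIX_FD */
    case 'x': case 't': case 'd': return 8;           /* INT64, UINT64, DOUBLE */
    default: return 0;
    }
}

/* Check an array of fixed-length items whose uint32 length field is at offset
 * pos (4-byte aligned). On ARR_OK, *end is the offset just past the last item. */
static enum arr_check check_fixed_array(const uint8_t *buf, size_t buf_len,
                                        size_t pos, char elem_type, size_t *end)
{
    size_t item = fixed_item_size(elem_type);
    if (item == 0) return ARR_NOT_FIXED;
    if (pos > buf_len || buf_len - pos < 4) return ARR_TRUNCATED;
    uint32_t claimed = (uint32_t)buf[pos] | (uint32_t)buf[pos + 1] << 8 |
                       (uint32_t)buf[pos + 2] << 16 | (uint32_t)buf[pos + 3] << 24;
    if (claimed > MAX_ARRAY_BYTES) return ARR_TOO_LONG;
    size_t start = (pos + 4 + item - 1) & ~(item - 1); /* padding is not part of claimed */
    if (start > buf_len || claimed > buf_len - start) return ARR_TRUNCATED;
    if (claimed % item != 0) return ARR_BAD_LENGTH; /* not a whole number of items */
    *end = start + claimed;
    return ARR_OK;
}

/* Constructed samples: the same 8 bytes of items, with claimed lengths 8 and 6. */
static const uint8_t SAMPLE_OK[]  = { 8,0,0,0, 1,0,0,0, 2,0,0,0 };
static const uint8_t SAMPLE_BAD[] = { 6,0,0,0, 1,0,0,0, 2,0,0,0 };

int main(void)
{
    size_t end = 0;
    printf("len 8 as uint32: %d\n", (int)check_fixed_array(SAMPLE_OK, sizeof SAMPLE_OK, 0, 'u', &end));
    printf("len 6 as uint32: %d\n", (int)check_fixed_array(SAMPLE_BAD, sizeof SAMPLE_BAD, 0, 'u', &end));
    return 0;
}
```

The claimed length of 6 passes the bounds check because the bytes are present in the buffer; only the whole-item check rejects it when the element type is a 4-byte one.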