projects / platform / upstream / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0b4775b) | patch
bus-message: fix skipping of array fields in !gvariant messages
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sat, 11 Aug 2018 06:32:20 +0000 (08:32 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 2 Oct 2018 09:53:20 +0000 (11:53 +0200)
commit73777ddba5100fe6c0791cd37a91f24a515f3202
tree601fd142d1bc2e68f1ea0cc6f893a6987242819dtree | snapshot
parent0b4775b52747bebf7ecb62062798475629767044commit | diff
bus-message: fix skipping of array fields in !gvariant messages

We copied part of the string into a buffer that was off by two.
If the element signature had length one, we'd copy 0 bytes and crash when
looking at the "first" byte. Otherwise, we would crash because strncpy would
not terminate the string.
src/libsystemd/sd-bus/bus-message.c diff | blob | history
test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 [new file with mode: 0644] blob
Domain: System / System Framework;