review.tizen.org Git - platform/upstream/dbus.git/commit

author	Simon McVittie <smcv@collabora.com>
	Tue, 13 Sep 2022 14:10:22 +0000 (15:10 +0100)
committer	Unsung Lee <unsung.lee@samsung.com>
	Fri, 17 Feb 2023 06:25:19 +0000 (15:25 +0900)
commit	1962bd7b478b21ae054b836f41e944f2a45f6621
tree	fcce3fd4a847825b40713295f4073929d5a1a862	tree \| snapshot
parent	f3bcc8508e36c13144c5122bf433a43c31c969eb	commit \| diff

dbus-marshal-validate: Check brackets in signature nest correctly

In debug builds with assertions enabled, a signature with incorrectly
nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
in an assertion failure.

In production builds without assertions enabled, a signature with
incorrectly nested `()` and `{}` could potentially result in a crash
or incorrect message parsing, although we do not have a concrete example
of either of these failure modes.

Thanks: Evgeny Vereshchagin
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
Resolves: CVE-2022-42010
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 9d07424e9011e3bbe535e83043d335f3093d2916)
(cherry picked from commit 3e53a785dee8d1432156188a2c4260e4cbc78c4d)

Change-Id: I0b3f37401dd6e0a0e8a9004e5a85e166b68db810
Signed-off-by: Unsung Lee <unsung.lee@samsung.com>