review.tizen.org Git - platform/upstream/dbus.git/commit

author	Simon McVittie <smcv@collabora.com>
	Tue, 13 Sep 2022 14:10:22 +0000 (15:10 +0100)
committer	Unsung Lee <unsung.lee@samsung.com>
	Tue, 21 Feb 2023 01:53:04 +0000 (10:53 +0900)
commit	8e17b5a9c2c07def3c5bc610ee1a4810896e1467
tree	f2b8b636c6ab8397ae77492569b2874f534970b3	tree \| snapshot
parent	71daa811a411b9eec23ffed38551cb4f574d53e5	commit \| diff

dbus-marshal-validate: Check brackets in signature nest correctly

In debug builds with assertions enabled, a signature with incorrectly
nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
in an assertion failure.

In production builds without assertions enabled, a signature with
incorrectly nested `()` and `{}` could potentially result in a crash
or incorrect message parsing, although we do not have a concrete example
of either of these failure modes.

Thanks: Evgeny Vereshchagin
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
Resolves: CVE-2022-42010
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 9d07424e9011e3bbe535e83043d335f3093d2916)
(cherry picked from commit 3e53a785dee8d1432156188a2c4260e4cbc78c4d)

Change-Id: I0b3f37401dd6e0a0e8a9004e5a85e166b68db810
Signed-off-by: Unsung Lee <unsung.lee@samsung.com>