powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1078 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: f2832ef8fa
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f2832ef8fa'
${ noResults }
base/SOURCES/0690-bus-message-do-not-cra...

45 lines
2.0 KiB
Raw Blame History

From 0045159ffd9fb174b3da5fcccb5d2139245fe089 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 9 Jul 2018 13:21:44 +0200
Subject: [PATCH] bus-message: do not crash on message with a string of zero
length
We'd calculate the "real" length of the string as 'item_size - 1', which does
not work out well when item_size == 0.
(cherry-picked from commit 81b6e63029eefcb0ec03a3a7c248490e38106073)
Resolves: #1643396
---
src/libsystemd/sd-bus/bus-message.c | 6 ++++++
.../crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e | Bin 0 -> 51 bytes
2 files changed, 6 insertions(+)
create mode 100644 test/fuzz/fuzz-bus-message/crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index c8402a23a9..121e65674d 100644
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -3402,6 +3402,12 @@ _public_ int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p) {
if (IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE)) {
bool ok;
+ /* D-Bus spec: The marshalling formats for the string-like types all end
+ * with a single zero (NUL) byte, but that byte is not considered to be part
+ * of the text. */
+ if (c->item_size == 0)
+ return -EBADMSG;
+
r = message_peek_body(m, &rindex, 1, c->item_size, &q);
if (r < 0)
return r;
diff --git a/test/fuzz/fuzz-bus-message/crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e b/test/fuzz/fuzz-bus-message/crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e
new file mode 100644
index 0000000000000000000000000000000000000000..4488f0a6c685b5d43eddbe41a0c6a3b6be9b02e2
GIT binary patch
literal 51
fcmc~1WMC4sJpJnr13KV`0|t%6q+%$@&=ddw)CUPg
literal 0
HcmV?d00001