shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-21 22:04:01 +03:00
Code

bus-message: validate signature in gvariant messages

Browse Source 
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2019-04-11 14:01:38 +02:00
parent 4ddff52640
commit f0ae945ecc
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/libsystemd/sd-bus/bus-message.c
View File

@ -5152,7 +5152,7 @@ int bus_message_parse_fields(sd_bus_message *m) {
return -EBADMSG;
if (*p == 0) {
char *k;
_cleanup_free_ char *k = NULL;
size_t l;
/* We found the beginning of the signature
@ -5170,6 +5170,9 @@ int bus_message_parse_fields(sd_bus_message *m) {
if (!k)
return -ENOMEM;
if (!signature_is_valid(k, true))
return -EBADMSG;
free_and_replace(m->root_container.signature, k);
break;
}

BIN
test/fuzz/fuzz-bus-message/oss-fuzz-14016 Normal file
View File

Binary file not shown.