[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: Clarifications on the D-Bus specification
From:       Havoc Pennington <hp () pobox ! com>
Date:       2010-12-13 2:45:09
Message-ID: AANLkTinKec6MX5TYZMhKtSwpnk5b+Aj_=OgMXUN4GtYx () mail ! gmail ! com
[Download RAW message or body]

I posted patches to the bug that need testing with your exploit and
need a spec patch. My patches assume the max nest depth is 64. Some
code in dbus-message.c breaks if a DBusMessage goes over 255, so I'd
recommend not going over that. But 128 would be pretty easily possible
if desired.

I used "2 * DBUS_MAXIMUM_TYPE_RECURSION_DEPTH" instead of adding a new
constant to dbus-protocol.h since that was already the max nesting in
a signature if you nested arrays in structs. But maybe it should be a
new constant, especially if it isn't 64.

Someone else will need to pick this up tomorrow and get it pushed, but
I hope my start on it is helpful.

Thanks
Havoc
[prev in list] [next in list] [prev in thread] [next in thread]