_dbus_string_skip_blank(): Let the final assert follow the previous search

This appears to have been a copy/paste mistake. If only blanks (defined as spaces or tabs) were removed, then it cannot be right to check for white space (defined as spaces, tabs, carriage return or linefeed) afterwards. If libdbus was compiled with assertions enabled, then this is a denial-of-service issue for dbus-daemon or other users of DBusServer: an unauthenticated user with access to the server's socket can send whitespace that triggers this assertion failure. We recommend that production versions of dbus, for example in OS distributions, should be compiled with checks but without assertions. [smcv: expanded commit message] Thanks: Evgeny Vereshchagin Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/421
author: Ralf Habacker <ralf.habacker@freenet.de> 2023-01-19 16:17:43 +0100
committer: Simon McVittie <smcv@collabora.com> 2023-02-08 12:04:12 +0000
commit: 27581805e1b8fba91534840ae1a7d65f99954d76 (patch)
tree: a14b11a68ce9ad77e4ec988c227310493bd46a54
parent: fb08b875e8da105d7bf704853fb7d5818c82ac3a (diff)
download: dbus-27581805e1b8fba91534840ae1a7d65f99954d76.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c
index 529a099e..278ceb07 100644
--- a/dbus/dbus-string.c
+++ b/dbus/dbus-string.c
@@ -1878,7 +1878,7 @@ _dbus_string_skip_blank (const DBusString *str,
       ++i;
     }
 
-  _dbus_assert (i == real->len || !DBUS_IS_ASCII_WHITE (real->str[i]));
+  _dbus_assert (i == real->len || !DBUS_IS_ASCII_BLANK (real->str[i]));
   
   if (end)
     *end = i;
author	Ralf Habacker <ralf.habacker@freenet.de>	2023-01-19 16:17:43 +0100
committer	Simon McVittie <smcv@collabora.com>	2023-02-08 12:04:12 +0000
commit	27581805e1b8fba91534840ae1a7d65f99954d76 (patch)
tree	a14b11a68ce9ad77e4ec988c227310493bd46a54
parent	fb08b875e8da105d7bf704853fb7d5818c82ac3a (diff)
download	dbus-27581805e1b8fba91534840ae1a7d65f99954d76.tar.gz