diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-07-09 13:21:44 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-10-02 11:53:20 +0200 |
| commit | 81b6e63029eefcb0ec03a3a7c248490e38106073 (patch) | |
| tree | fe33a1a4104fd926a09757e4aeb10e60fb741d69 /src/libsystemd | |
| parent | 69bd42ca072dfb2f7603b1f82053063293ab54b5 (diff) | |
| download | systemd-81b6e63029eefcb0ec03a3a7c248490e38106073.tar.gz | |
bus-message: do not crash on message with a string of zero length
We'd calculate the "real" length of the string as 'item_size - 1', which does
not work out well when item_size == 0.
Diffstat (limited to 'src/libsystemd')
| -rw-r--r-- | src/libsystemd/sd-bus/bus-message.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index 41760b5915..76df43e095 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -3292,6 +3292,12 @@ _public_ int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p) { if (IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE)) { bool ok; + /* D-Bus spec: The marshalling formats for the string-like types all end + * with a single zero (NUL) byte, but that byte is not considered to be part + * of the text. */ + if (c->item_size == 0) + return -EBADMSG; + r = message_peek_body(m, &rindex, 1, c->item_size, &q); if (r < 0) return r; |