fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-05-23 23:38:10 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'dbus-1.6'

Browse source 
Conflicts:
	NEWS
	configure.ac
This commit is contained in:
Simon McVittie 2013-06-12 14:49:37 +01:00
commit 51fe1c05ac
5 changed files with 121 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
NEWS
View file

@ -1,6 +1,12 @@
D-Bus 1.7.4 (UNRELEASED)
==
Security fixes:
• CVE-2013-2168: Fix misuse of va_list that could be used as a denial
of service for system services. Vulnerability reported by Alexandru Cornea.
(Simon)
Dependencies:
• The Windows version of libdbus now contains a C++ source file, used
@ -21,7 +27,7 @@ Enhancements:
• Improve dbus-send documentation and command-line parsing (fd.o #65424,
Chengwei Yang)
Fixes:
Other fixes:
• In dbus-daemon, don't crash if a .service file starts with key=value
(fd.o #60853, Chengwei Yang)

16
dbus/dbus-sysdeps-unix.c
View file

@ -3135,8 +3135,11 @@ _dbus_printf_string_upper_bound (const char *format,
char static_buf[1024];
int bufsize = sizeof (static_buf);
int len;
va_list args_copy;
len = vsnprintf (static_buf, bufsize, format, args);
DBUS_VA_COPY (args_copy, args);
len = vsnprintf (static_buf, bufsize, format, args_copy);
va_end (args_copy);
/* If vsnprintf() returned non-negative, then either the string fits in
* static_buf, or this OS has the POSIX and C99 behaviour where vsnprintf
@ -3152,8 +3155,12 @@ _dbus_printf_string_upper_bound (const char *format,
* or the real length could be coincidentally the same. Which is it?
* If vsnprintf returns the truncated length, we'll go to the slow
* path. */
if (vsnprintf (static_buf, 1, format, args) == 1)
DBUS_VA_COPY (args_copy, args);
if (vsnprintf (static_buf, 1, format, args_copy) == 1)
len = -1;
va_end (args_copy);
}
/* If vsnprintf() returned negative, we have to do more work.
@ -3169,7 +3176,10 @@ _dbus_printf_string_upper_bound (const char *format,
if (buf == NULL)
return -1;
len = vsnprintf (buf, bufsize, format, args);
DBUS_VA_COPY (args_copy, args);
len = vsnprintf (buf, bufsize, format, args_copy);
va_end (args_copy);
dbus_free (buf);
/* If the reported length is exactly the buffer size, round up to the

9
dbus/dbus-sysdeps-win.c
View file

@ -626,9 +626,12 @@ int _dbus_printf_string_upper_bound (const char *format,
char buf[1024];
int bufsize;
int len;
va_list args_copy;
bufsize = sizeof (buf);
len = _vsnprintf (buf, bufsize - 1, format, args);
DBUS_VA_COPY (args_copy, args);
len = _vsnprintf (buf, bufsize - 1, format, args_copy);
va_end (args_copy);
while (len == -1) /* try again */
{
@ -641,7 +644,9 @@ int _dbus_printf_string_upper_bound (const char *format,
if (p == NULL)
return -1;
len = _vsnprintf (p, bufsize - 1, format, args);
DBUS_VA_COPY (args_copy, args);
len = _vsnprintf (p, bufsize - 1, format, args_copy);
va_end (args_copy);
free (p);
}

5
test/Makefile.am
View file

@ -81,6 +81,10 @@ shell_test_LDADD = libdbus-testutils.la
spawn_test_CPPFLAGS = $(static_cppflags)
spawn_test_LDADD = $(top_builddir)/dbus/libdbus-internal.la
test_printf_SOURCES = internals/printf.c
test_printf_CPPFLAGS = $(static_cppflags)
test_printf_LDADD = $(top_builddir)/dbus/libdbus-internal.la
test_refs_SOURCES = internals/refs.c
test_refs_CPPFLAGS = $(static_cppflags)
test_refs_LDADD = libdbus-testutils.la $(GLIB_LIBS)
@ -97,6 +101,7 @@ testexec_PROGRAMS =
installable_tests = \
shell-test \
test-printf \
$(NULL)
if DBUS_WITH_GLIB

89
test/internals/printf.c Normal file
View file

@ -0,0 +1,89 @@
/* Regression test for _dbus_printf_string_upper_bound
*
* Author: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Copyright © 2013 Intel Corporation
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <config.h>
#define DBUS_COMPILATION /* this test uses libdbus-internal */
#include <dbus/dbus.h>
#include <dbus/dbus-internals.h>
#include <dbus/dbus-string.h>
#include "test-utils.h"
#include <stdio.h>
#include <stdlib.h>
static void
do_test (int minimum,
const char *format,
...)
{
va_list ap;
int result;
va_start (ap, format);
result = _dbus_printf_string_upper_bound (format, ap);
va_end (ap);
if (result < minimum)
{
fprintf (stderr, "expected at least %d, got %d\n", minimum, result);
abort ();
}
}
#define X_TIMES_8 "XXXXXXXX"
#define X_TIMES_16 X_TIMES_8 X_TIMES_8
#define X_TIMES_32 X_TIMES_16 X_TIMES_16
#define X_TIMES_64 X_TIMES_32 X_TIMES_32
#define X_TIMES_128 X_TIMES_64 X_TIMES_64
#define X_TIMES_256 X_TIMES_128 X_TIMES_128
#define X_TIMES_512 X_TIMES_256 X_TIMES_256
#define X_TIMES_1024 X_TIMES_512 X_TIMES_512
int
main (int argc,
char **argv)
{
char buf[] = X_TIMES_1024 X_TIMES_1024 X_TIMES_1024 X_TIMES_1024;
int i;
do_test (1, "%d", 0);
do_test (7, "%d", 1234567);
do_test (3, "%f", 3.5);
do_test (0, "%s", "");
do_test (1024, "%s", X_TIMES_1024);
do_test (1025, "%s", X_TIMES_1024 "Y");
for (i = 4096; i > 0; i--)
{
buf[i] = '\0';
do_test (i, "%s", buf);
do_test (i + 3, "%s:%d", buf, 42);
}
return 0;
}