mirror of
https://gitlab.freedesktop.org/dbus/dbus.git
synced 2026-05-05 16:58:00 +02:00
bef693f442
Reproduces: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417 Signed-off-by: Simon McVittie <smcv@collabora.com>
43 lines
2.1 KiB
Text
43 lines
2.1 KiB
Text
# Copyright 2022 Evgeny Vereshchagin
|
|
# Copyright 2022 Collabora Ltd.
|
|
# SPDX-License-Identifier: MIT
|
|
#
|
|
# This is an annotated hex-dump of a message originally generated by a
|
|
# fuzzer.
|
|
#
|
|
# To output as binary:
|
|
# sed -e 's/#.*//' test/data/invalid-messages/endian.message-raw.hex |
|
|
# xxd -p -r - test/data/invalid-messages/endian.message-raw
|
|
#
|
|
# This message is technically valid, but not practically useful: it
|
|
# contains a "handle" for the 4163371528th out-of-band file descriptor,
|
|
# which is not a practically useful thing to send, because it exceeds any
|
|
# reasonable number of file descriptors to attach to a message.
|
|
#
|
|
# The message is also in big-endian encoding (the opposite of the encoding
|
|
# used by all commonly-used CPU architectures in 2022), which until
|
|
# recently would trigger a denial-of-service vulnerability in the dbus
|
|
# message marshalling code.
|
|
|
|
# Offset % 0x10:
|
|
# 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f
|
|
|
|
42 # big-endian
|
|
2d # an undefined message type
|
|
31 # flags
|
|
01 # major protocol version 1
|
|
0000 000c # message body is 0x0c = 12 bytes
|
|
97bc 9023 # serial number 0x97bc9023
|
|
0000 0008 # header is an array of 8 bytes of struct (yv)
|
|
08 # header field code 0x08 (signature)
|
|
01 # variant signature is 1 byte
|
|
6700 # "g" \0
|
|
02 # signature is 2 bytes
|
|
68 7600 # "hv" \0
|
|
# begin message body, 12 bytes
|
|
f828 0208 # out-of-band fd, index = 0xf8280208
|
|
02 # variant signature is 2 bytes
|
|
61 7600 # "av" \0
|
|
0000 0000 # array length is 0
|
|
|
|
#sha1 f99a286aaaf84d9b97549f35f71042f4a2f37e78
|