Don't access random memory if data slot isn't allocated yet

If DBUS_DISABLE_ASSERTS was turned on, and a buggy program called dbus_connection_get_data() with a slot number less than zero (eg, before even allocating the data slot), random memory would be accessed and a random value returned. Anything less than zero is not a valid slot number and should be rejected by libdbus. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63127 Signed-off-by: Dan Williams <dcbw@redhat.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
author: Dan Williams <dcbw@redhat.com> 2013-04-04 10:49:18 -0500
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2013-04-05 12:45:18 +0100
commit: 1495c207b4c76e306a3fe666fffe2b95e0326f3e (patch)
tree: d1cf6caad133c5c56fb8664076aefe9ba5045a63
parent: aa8dcc13a6f0e8711940fae247d1b8064104f893 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
index ee33b6cc..66315b3f 100644
--- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c
@@ -5974,7 +5974,8 @@ dbus_connection_get_data (DBusConnection   *connection,
   void *res;
 
   _dbus_return_val_if_fail (connection != NULL, NULL);
-  
+  _dbus_return_val_if_fail (slot >= 0, NULL);
+
   SLOTS_LOCK (connection);
 
   res = _dbus_data_slot_list_get (&slot_allocator,
author	Dan Williams <dcbw@redhat.com>	2013-04-04 10:49:18 -0500
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-04-05 12:45:18 +0100
commit	1495c207b4c76e306a3fe666fffe2b95e0326f3e (patch)
tree	d1cf6caad133c5c56fb8664076aefe9ba5045a63
parent	aa8dcc13a6f0e8711940fae247d1b8064104f893 (diff)