author | Havoc Pennington <hp@pobox.com> | 2010-12-12 21:08:43 -0500 |
---|---|---|
committer | Will Thompson <will.thompson@collabora.co.uk> | 2010-12-20 21:39:00 +0000 |
commit | 7d65a3a6ed8815e34a99c680ac3869fde49dbbd4 (patch) | |
tree | 230fe4f9beaa1be2eb5137b3103fde668cf6f8df /doc | |
parent | f2905def7b65970724e57c2d57202de8d7138e98 (diff) |
CVE 2010-4352: Reject deeply nested variants
Add DBUS_INVALID_NESTED_TOO_DEEPLY validity problem and a test that
should generate it.
Previously, we rejected deep nesting in the signature, but
variants allow dynamic message nesting, conditional only
on the depth of the message body.
The nesting limit is 64, which was also the limit in static
signatures. Empirically, dynamic nesting depth observed on my
Fedora 14 system doesn't exceed 2; 64 is really a huge limit.
https://bugs.freedesktop.org/show_bug.cgi?id=32321
Signed-Off-By: Colin Walters <walters@verbum.org>
Signed-off-by: Will Thompson <will.thompson@collabora.co.uk>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/dbus-specification.xml | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index 9a5d70ca..ee5aac58 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -620,12 +620,14 @@ </row><row> <entry><literal>VARIANT</literal></entry> <entry> - A variant type has a marshaled <literal>SIGNATURE</literal> - followed by a marshaled value with the type - given in the signature. - Unlike a message signature, the variant signature - can contain only a single complete type. - So "i", "ai" or "(ii)" is OK, but "ii" is not. + A variant type has a marshaled + <literal>SIGNATURE</literal> followed by a marshaled + value with the type given in the signature. Unlike + a message signature, the variant signature can + contain only a single complete type. So "i", "ai" + or "(ii)" is OK, but "ii" is not. Use of variants may not + cause a total message depth to be larger than 64, including + other container types such as structures. </entry> <entry> 1 (alignment of the signature) |
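Review bot: In the sentence added to the VARIANT entry, "may not cause a total message depth to be larger than 64" uses "may not", which can be read as "might not" rather than as a prohibition; "must not" would state the requirement unambiguously. The sentence also leaves open how depth is counted (it names "other container types such as structures" but does not say whether arrays and the variant itself each count as a level) and what a receiver does with a message over the limit; since the commit message introduces DBUS_INVALID_NESTED_TOO_DEEPLY, the spec text could state that such a message is invalid. Separately, the hunk re-wraps the existing paragraph along with adding the new sentence, so the one substantive change is hard to pick out of the 8 insertions and 6 deletions; putting the re-wrap in its own commit would make the security-relevant wording easier to audit.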