summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorHavoc Pennington <hp@pobox.com>2010-12-12 21:08:43 -0500
committerWill Thompson <will.thompson@collabora.co.uk>2010-12-20 21:39:00 +0000
commit7d65a3a6ed8815e34a99c680ac3869fde49dbbd4 (patch)
tree230fe4f9beaa1be2eb5137b3103fde668cf6f8df /doc
parentf2905def7b65970724e57c2d57202de8d7138e98 (diff)
CVE 2010-4352: Reject deeply nested variants
Add DBUS_INVALID_NESTED_TOO_DEEPLY validity problem and a test that should generate it. Previously, we rejected deep nesting in the signature, but variants allow dynamic message nesting, conditional only on the depth of the message body. The nesting limit is 64, which was also the limit in static signatures. Empirically, dynamic nesting depth observed on my Fedora 14 system doesn't exceed 2; 64 is really a huge limit. https://bugs.freedesktop.org/show_bug.cgi?id=32321 Signed-Off-By: Colin Walters <walters@verbum.org> Signed-off-by: Will Thompson <will.thompson@collabora.co.uk>
Diffstat (limited to 'doc')
-rw-r--r--doc/dbus-specification.xml14
1 files changed, 8 insertions, 6 deletions
diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
index 9a5d70ca..ee5aac58 100644
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@@ -620,12 +620,14 @@
</row><row>
<entry><literal>VARIANT</literal></entry>
<entry>
- A variant type has a marshaled <literal>SIGNATURE</literal>
- followed by a marshaled value with the type
- given in the signature.
- Unlike a message signature, the variant signature
- can contain only a single complete type.
- So "i", "ai" or "(ii)" is OK, but "ii" is not.
+ A variant type has a marshaled
+ <literal>SIGNATURE</literal> followed by a marshaled
+ value with the type given in the signature. Unlike
+ a message signature, the variant signature can
+ contain only a single complete type. So "i", "ai"
+ or "(ii)" is OK, but "ii" is not. Use of variants may not
+ cause a total message depth to be larger than 64, including
+ other container types such as structures.
</entry>
<entry>
1 (alignment of the signature)