summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--NEWS10
-rw-r--r--dbus/dbus-marshal-header.c6
2 files changed, 16 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 3bee8c40..be5c0144 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+D-Bus 1.2.28 (UNRELEASED)
+==
+
+• Byte-swap foreign-endian messages correctly, preventing a long-standing
+ local DoS if foreign-endian messages are relayed through the dbus-daemon
+ (fd.o #38120, Debian #629938, no CVE number yet; Simon McVittie)
+
+• Use AC_TRY_COMPILE in configure to avoid a symlink attack in /tmp
+ during compilation
+
D-Bus 1.2.26 (21 December 2010)
==
diff --git a/dbus/dbus-marshal-header.c b/dbus/dbus-marshal-header.c
index ec98a5ee..896e3ce1 100644
--- a/dbus/dbus-marshal-header.c
+++ b/dbus/dbus-marshal-header.c
@@ -1462,14 +1462,20 @@ void
_dbus_header_byteswap (DBusHeader *header,
int new_order)
{
+ unsigned char byte_order;
+
if (header->byte_order == new_order)
return;
+ byte_order = _dbus_string_get_byte (&header->data, BYTE_ORDER_OFFSET);
+ _dbus_assert (header->byte_order == byte_order);
+
_dbus_marshal_byteswap (&_dbus_header_signature_str,
0, header->byte_order,
new_order,
&header->data, 0);
+ _dbus_string_set_byte (&header->data, BYTE_ORDER_OFFSET, new_order);
header->byte_order = new_order;
}