Re: Clarifications on the D-Bus specification

[Havoc Pennington <hp () pobox com>]

I posted patches to the bug that need testing with your exploit and
need a spec patch. My patches assume the max nest depth is 64. Some
code in dbus-message.c breaks if a DBusMessage goes over 255, so I'd
recommend not going over that. But 128 would be pretty easily possible
if desired.

I used "2 * DBUS_MAXIMUM_TYPE_RECURSION_DEPTH" instead of adding a new
constant to dbus-protocol.h since that was already the max nesting in
a signature if you nested arrays in structs. But maybe it should be a
new constant, especially if it isn't 64.

Someone else will need to pick this up tomorrow and get it pushed, but
I hope my start on it is helpful.

Thanks
Havoc