oss-sec mailing list archives
Re: Clarifications on the D-Bus specification
From: Havoc Pennington <hp () pobox com>
Date: Sun, 12 Dec 2010 21:45:09 -0500
I posted patches to the bug that need testing with your exploit and need a spec patch. My patches assume the max nest depth is 64. Some code in dbus-message.c breaks if a DBusMessage goes over 255, so I'd recommend not going over that. But 128 would be pretty easily possible if desired. I used "2 * DBUS_MAXIMUM_TYPE_RECURSION_DEPTH" instead of adding a new constant to dbus-protocol.h since that was already the max nesting in a signature if you nested arrays in structs. But maybe it should be a new constant, especially if it isn't 64. Someone else will need to pick this up tomorrow and get it pushed, but I hope my start on it is helpful. Thanks Havoc
Current thread:
- Re: Clarifications on the D-Bus specification RĂ©mi Denis-Courmont (Dec 11)
- Re: Clarifications on the D-Bus specification Havoc Pennington (Dec 12)