Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <AANLkTinKec6MX5TYZMhKtSwpnk5b+Aj_=OgMXUN4GtYx@mail.gmail.com>
Date: Sun, 12 Dec 2010 21:45:09 -0500
From: Havoc Pennington <hp@...ox.com>
To: RĂ©mi Denis-Courmont <remi@...lab.net>
Cc: dbus@...ts.freedesktop.org, oss-security@...ts.openwall.com
Subject: Re: Clarifications on the D-Bus specification

I posted patches to the bug that need testing with your exploit and
need a spec patch. My patches assume the max nest depth is 64. Some
code in dbus-message.c breaks if a DBusMessage goes over 255, so I'd
recommend not going over that. But 128 would be pretty easily possible
if desired.

I used "2 * DBUS_MAXIMUM_TYPE_RECURSION_DEPTH" instead of adding a new
constant to dbus-protocol.h since that was already the max nesting in
a signature if you nested arrays in structs. But maybe it should be a
new constant, especially if it isn't 64.

Someone else will need to pick this up tomorrow and get it pushed, but
I hope my start on it is helpful.

Thanks
Havoc

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.