bus-message: avoid wrap-around when using length read from message
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 23 Aug 2018 12:48:40 +0000 (14:48 +0200)
committer: Lukáš Nykrýn <lnykryn@redhat.com>
Fri, 3 May 2019 10:50:30 +0000 (12:50 +0200)
commit: 709214f554355158b2c3e70c7f3424997e002cee
tree: 674b85b9bfb3867270ffecbd9a29d4714b04c684
parent: b63440ad69581bad39a2eda7ab449f8a3f901c4e
bus-message: avoid wrap-around when using length read from message

We would read (-1), and then add 1 to it, call message_peek_body(..., 0, ...),
and when trying to make use of the data.

The fuzzer test case is just for one site, but they all look similar.

v2: fix two UINT8_MAX/UINT32_MAX mismatches found by LGTM
(cherry picked from commit 902000c19830f5e5a96e8948d691b42e91ecb1e7)

Resolves: #1696224
src/libsystemd/sd-bus/bus-message.c
test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 [new file with mode: 0644]
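An added illustration of the wrap-around the commit message describes, not code from the commit or from systemd: a toy length-prefixed string read in which a 32-bit length of UINT32_MAX plus 1 wraps to 0, so the bounds check passes for zero bytes. `body_t`, `peek_body`, `read_string`, `try_read` and the two sample buffers are constructed here; the `l == UINT32_MAX` guard is assumed as the shape of the fix, since the page only states that the wrap-around is avoided.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for a message body: bounded bytes plus a read index. */
typedef struct {
        const uint8_t *data;
        size_t size;
        size_t rindex;
} body_t;

/* Bounds-checked view of nbytes at the read index (toy message_peek_body). */
static int peek_body(body_t *b, size_t nbytes, const uint8_t **ret) {
        if (nbytes > b->size - b->rindex)
                return -EBADMSG;
        *ret = b->data + b->rindex;
        b->rindex += nbytes;
        return 0;
}

/* Read a uint32 length-prefixed, NUL-terminated string (little-endian host assumed).
 * Returns a negative errno, else the number of bytes that were actually bounds-checked.
 * check_wrap == 0 reproduces the pre-fix flow: l == UINT32_MAX makes l + 1 wrap to 0,
 * peek_body(0) succeeds, and the caller holds a pointer with no bytes behind it. */
static int read_string(body_t *b, int check_wrap) {
        const uint8_t *p;
        uint32_t l, want;
        int r;

        r = peek_body(b, sizeof(uint32_t), &p);
        if (r < 0)
                return r;
        memcpy(&l, p, sizeof l);
        if (check_wrap && l == UINT32_MAX)   /* assumed fix: reject before l + 1 can wrap */
                return -EBADMSG;
        want = l + 1;                        /* string bytes plus NUL; 0 when l == UINT32_MAX */
        r = peek_body(b, want, &p);
        if (r < 0)
                return r;
        if (want == 0)
                return 0;                    /* pre-fix bug: accepted with nothing validated */
        return p[want - 1] == 0 ? (int) want : -EBADMSG;
}

/* Constructed inputs: a valid "hi" string and a claimed length of UINT32_MAX. */
static const uint8_t GOOD[] = { 2, 0, 0, 0, 'h', 'i', 0 };
static const uint8_t BAD[]  = { 0xff, 0xff, 0xff, 0xff, 'x', 0 };
static int try_read(const uint8_t *msg, size_t size, int check_wrap) {
        body_t b = { msg, size, 0 };
        return read_string(&b, check_wrap);
}
```

Without the guard the BAD buffer is accepted having checked zero bytes, which is the state the fuzzer case in this commit exercises; with it the message is rejected as malformed.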