bus-message: validate signature in gvariant messages

We would accept a message with 40k signature and spend a lot of time iterating over the nested arrays. Let's just reject it early, as we do for !gvariant messages.
2019-04-11 14:01:38 +02:00 · 2019-04-11 14:01:38 +02:00 · f0ae945ecc
parent 4ddff52640
commit f0ae945ecc
2 changed files with 4 additions and 1 deletions
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@ -5152,7 +5152,7 @@ int bus_message_parse_fields(sd_bus_message *m) {
                                return -EBADMSG;

                        if (*p == 0) {
-                                char *k;
+                                _cleanup_free_ char *k = NULL;
                                size_t l;

                                /* We found the beginning of the signature
@ -5170,6 +5170,9 @@ int bus_message_parse_fields(sd_bus_message *m) {
                                if (!k)
                                        return -ENOMEM;

+                                if (!signature_is_valid(k, true))
+                                        return -EBADMSG;
+
                                free_and_replace(m->root_container.signature, k);
                                break;
                        }
--- a/test/fuzz/fuzz-bus-message/oss-fuzz-14016
+++ b/test/fuzz/fuzz-bus-message/oss-fuzz-14016