Clarifications on the D-Bus specification

Thiago Macieira thiago at kde.org
Fri Dec 10 11:52:40 PST 2010


On Friday, 10 de December de 2010 19:48:06 Rémi Denis-Courmont wrote:
> On Fri, 10 Dec 2010 13:33:10 -0500, Havoc Pennington <hp at pobox.com> wrote:
> > In a quick look I don't see any limit in the libdbus source on
> > recursing into nested types. The limit is just on the "depth" of the
> > type signature, which does not reflect dynamic type recursion as
> > created by variants.
> > 
> > It could probably be fixed by tracking the recursion depth in the
> > iterators. But the API probably doesn't allow throwing an error from
> > the right functions. So it could be tricky.
> 
> I am a bit concerned here. Unlimited recursion might trigger a call stack
> overflow somewhere (I do mean proper stack overflow, not stack-based buffer
> overflow).

There's a distinction here:

I don't think the lib or the daemon need to impose the limits set in the spec. 
The limits are there so that implementations can limit if they need to. But if 
the code doesn't need to check for this, it shouldn't.

The other thing is protection against an attack vector -- an exploit by 
recursion. If the protection is by applying one of the limits, then let's use 
it.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20101210/12a8a201/attachment.pgp>


More information about the dbus mailing list