Clarifications on the D-Bus specification
thiago at kde.org
Fri Dec 10 11:52:40 PST 2010
On Friday, 10 December 2010 19:48:06 Rémi Denis-Courmont wrote:
> On Fri, 10 Dec 2010 13:33:10 -0500, Havoc Pennington <hp at pobox.com> wrote:
> > In a quick look I don't see any limit in the libdbus source on
> > recursing into nested types. The limit is just on the "depth" of the
> > type signature, which does not reflect dynamic type recursion as
> > created by variants.
> > It could probably be fixed by tracking the recursion depth in the
> > iterators. But the API probably doesn't allow throwing an error from
> > the right functions. So it could be tricky.
> I am a bit concerned here. Unlimited recursion might trigger a call stack
> overflow somewhere (I do mean proper stack overflow, not stack-based buffer
There's a distinction here:
I don't think the lib or the daemon need to impose the limits set in the spec.
The limits are there so that implementations can limit if they need to. But if
the code doesn't need to check for this, it shouldn't.
The other thing is protection against an attack vector -- an exploit by
recursion. If the protection is by applying one of the limits, then let's use
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Senior Product Manager - Nokia, Qt Development Frameworks
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
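Added example, not part of the original message and not libdbus code: a minimal C walker that tracks dynamic variant nesting in the marshalled body rather than in the type signature, and returns an error once a cap is exceeded. It narrows the problem to variants whose payload is another variant or a single byte; MAX_VARIANT_DEPTH, the error codes and the function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed cap for this example; the thread does not name a number. */
#define MAX_VARIANT_DEPTH 32
enum { ERR_MALFORMED = -1, ERR_TOO_DEEP = -2 };

/* Validate a marshalled chain of variants whose payload is either another
 * variant ('v') or one byte ('y'); both have alignment 1, so no padding.
 * Returns the dynamic nesting depth, or a negative error code. */
int variant_chain_depth(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int depth = 0;
    for (;;) {
        /* Variant header: 1-byte signature length, signature, NUL. */
        if (len - pos < 3 || buf[pos] != 1 || buf[pos + 2] != 0)
            return ERR_MALFORMED;
        uint8_t type = buf[pos + 1];
        pos += 3;
        /* The counter lives in the walker, not in the type signature. */
        if (++depth > MAX_VARIANT_DEPTH)
            return ERR_TOO_DEEP;
        if (type == 'v') continue;      /* descend into the inner variant */
        if (type == 'y')
            return (len - pos == 1) ? depth : ERR_MALFORMED;
        return ERR_MALFORMED;           /* other types are out of scope here */
    }
}

/* Constructed sample input: n variants wrapped around the byte 0x2a. */
int check_nested(int n)
{
    static uint8_t buf[3 * 64 + 1];
    if (n < 1 || n > 64) return ERR_MALFORMED;
    for (int i = 0; i < n; i++) {
        buf[3 * i] = 1;
        buf[3 * i + 1] = (i == n - 1) ? 'y' : 'v';
        buf[3 * i + 2] = 0;
    }
    buf[3 * n] = 0x2a;
    return variant_chain_depth(buf, (size_t)(3 * n + 1));
}

int main(void)
{
    printf("%d %d %d\n", check_nested(3), check_nested(32), check_nested(33));
    return 0;
}
```

Every one of these messages has the flat signature "v", so a check on signature depth alone passes all of them; only the walker's counter distinguishes 3 levels from 33.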