_dbus_string_skip_blank(): Let the final assert follow the previous search

This appears to have been a copy/paste mistake. If only blanks (defined as spaces or tabs) were removed, then it cannot be right to check for white space (defined as spaces, tabs, carriage return or linefeed) afterwards. If libdbus was compiled with assertions enabled, then this is a denial-of-service issue for dbus-daemon or other users of DBusServer: an unauthenticated user with access to the server's socket can send whitespace that triggers this assertion failure. We recommend that production versions of dbus, for example in OS distributions, should be compiled with checks but without assertions. [smcv: expanded commit message] Thanks: Evgeny Vereshchagin Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/421
author: Ralf Habacker <ralf.habacker@freenet.de> 2023-01-19 16:17:43 +0100
committer: Simon McVittie <smcv@collabora.com> 2023-02-08 11:40:58 +0000
commit: 5ef6e3664bd2202f7fed46f67f68dd823b8cebe0 (patch)
tree: 64ec6400fe22ddbaab39cf8ef2ab3a2d3e9c0262
parent: 3d11ad735be982668f1c441629cac41dbb88d1de (diff)
download: dbus-5ef6e3664bd2202f7fed46f67f68dd823b8cebe0.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c
index 98d9f2b7..d9d1e359 100644
--- a/dbus/dbus-string.c
+++ b/dbus/dbus-string.c
@@ -1818,7 +1818,7 @@ _dbus_string_skip_blank (const DBusString *str,
       ++i;
     }
 
-  _dbus_assert (i == real->len || !DBUS_IS_ASCII_WHITE (real->str[i]));
+  _dbus_assert (i == real->len || !DBUS_IS_ASCII_BLANK (real->str[i]));
   
   if (end)
     *end = i;
author	Ralf Habacker <ralf.habacker@freenet.de>	2023-01-19 16:17:43 +0100
committer	Simon McVittie <smcv@collabora.com>	2023-02-08 11:40:58 +0000
commit	5ef6e3664bd2202f7fed46f67f68dd823b8cebe0 (patch)
tree	64ec6400fe22ddbaab39cf8ef2ab3a2d3e9c0262
parent	3d11ad735be982668f1c441629cac41dbb88d1de (diff)
download	dbus-5ef6e3664bd2202f7fed46f67f68dd823b8cebe0.tar.gz