diff options
| author | Simon McVittie <smcv@collabora.com> | 2022-09-30 14:01:05 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@collabora.com> | 2022-10-05 10:24:43 +0100 |
| commit | bef693f442d854505e7013fd31efe41747d7493c (patch) | |
| tree | cd5b055212d05454d7b54b4920095502b17c4c10 /test | |
| parent | 7a2c13d21be702c7b5b7288fb82a60adc5bd7378 (diff) | |
| download | dbus-bef693f442d854505e7013fd31efe41747d7493c.tar.gz | |
test: Parse a message with a byteswapped Unix fd index
Reproduces: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
Signed-off-by: Simon McVittie <smcv@collabora.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/Makefile.am | 2 | ||||
| -rw-r--r-- | test/data/meson.build | 2 | ||||
| -rw-r--r-- | test/data/valid-messages/byteswap-fd-index.message-raw | bin | 0 -> 36 bytes | |||
| -rw-r--r-- | test/data/valid-messages/byteswap-fd-index.message-raw.hex | 43 | ||||
| -rw-r--r-- | test/message.c | 1 |
5 files changed, 48 insertions, 0 deletions
diff --git a/test/Makefile.am b/test/Makefile.am index 54ec3693..3d35d3fa 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -762,6 +762,8 @@ static_data = \ data/valid-config-files/standard-session-dirs.conf \ data/valid-config-files-system/many-rules.conf \ data/valid-config-files-system/system.d/test.conf \ + data/valid-messages/byteswap-fd-index.message-raw \ + data/valid-messages/byteswap-fd-index.message-raw.hex \ data/valid-messages/minimal.message-raw \ data/valid-messages/minimal.message-raw.hex \ $(NULL) diff --git a/test/data/meson.build b/test/data/meson.build index 45fb6f91..e3646c9f 100644 --- a/test/data/meson.build +++ b/test/data/meson.build @@ -110,6 +110,8 @@ data_to_install = [ 'valid-config-files/many-rules.conf', 'valid-config-files/minimal.conf', 'valid-config-files/standard-session-dirs.conf', + 'valid-messages/byteswap-fd-index.message-raw', + 'valid-messages/byteswap-fd-index.message-raw.hex', 'valid-messages/minimal.message-raw', 'valid-messages/minimal.message-raw.hex', ] diff --git a/test/data/valid-messages/byteswap-fd-index.message-raw b/test/data/valid-messages/byteswap-fd-index.message-raw Binary files differnew file mode 100644 index 00000000..a1724ff8 --- /dev/null +++ b/test/data/valid-messages/byteswap-fd-index.message-raw diff --git a/test/data/valid-messages/byteswap-fd-index.message-raw.hex b/test/data/valid-messages/byteswap-fd-index.message-raw.hex new file mode 100644 index 00000000..f3d0f912 --- /dev/null +++ b/test/data/valid-messages/byteswap-fd-index.message-raw.hex @@ -0,0 +1,43 @@ +# Copyright 2022 Evgeny Vereshchagin +# Copyright 2022 Collabora Ltd. +# SPDX-License-Identifier: MIT +# +# This is an annotated hex-dump of a message originally generated by a +# fuzzer. +# +# To output as binary: +# sed -e 's/#.*//' test/data/invalid-messages/endian.message-raw.hex | +# xxd -p -r - test/data/invalid-messages/endian.message-raw +# +# This message is technically valid, but not practically useful: it +# contains a "handle" for the 4163371528th out-of-band file descriptor, +# which is not a practically useful thing to send, because it exceeds any +# reasonable number of file descriptors to attach to a message. +# +# The message is also in big-endian encoding (the opposite of the encoding +# used by all commonly-used CPU architectures in 2022), which until +# recently would trigger a denial-of-service vulnerability in the dbus +# message marshalling code. + +# Offset % 0x10: +# 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f + + 42 # big-endian + 2d # an undefined message type + 31 # flags + 01 # major protocol version 1 + 0000 000c # message body is 0x0c = 12 bytes + 97bc 9023 # serial number 0x97bc9023 + 0000 0008 # header is an array of 8 bytes of struct (yv) + 08 # header field code 0x08 (signature) + 01 # variant signature is 1 byte + 6700 # "g" \0 + 02 # signature is 2 bytes + 68 7600 # "hv" \0 + # begin message body, 12 bytes + f828 0208 # out-of-band fd, index = 0xf8280208 + 02 # variant signature is 2 bytes + 61 7600 # "av" \0 + 0000 0000 # array length is 0 + +#sha1 f99a286aaaf84d9b97549f35f71042f4a2f37e78 diff --git a/test/message.c b/test/message.c index 58966cb8..60ef113d 100644 --- a/test/message.c +++ b/test/message.c @@ -514,6 +514,7 @@ add_oom_test (const gchar *name, static const char *valid_messages[] = { + "byteswap-fd-index", "minimal", }; |