glib/docs/reference
Philip Withnall e78f0a79ae gvarianttype: Impose a recursion limit of 128 on variant types
Previously, GVariant has allowed ‘arbitrary’ recursion on GVariantTypes,
but this isn’t really feasible. We have to deal with GVariants from
untrusted sources, and the nature of GVariantType means that another
level of recursion (and hence, for example, another stack frame in your
application) can be added with a single byte in a variant type signature
in the input. This gives malicious input sources far too much leverage
to cause deep stack recursion or massive memory allocations which can
DoS an application.

Limit recursion to 128 levels (which should be more than enough for
anyone™), document it and add a test. This is, handily, also the limit
of 64 applied by the D-Bus specification (§(Valid Signatures)), plus a
bit to allow wrapping of D-Bus messages in additional layers of
variants.

oss-fuzz#9857

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-11-06 12:06:51 +00:00
gio Spelling: avoid the "allows to" pattern 2018-10-10 13:51:07 -04:00
glib gvarianttype: Impose a recursion limit of 128 on variant types 2018-11-06 12:06:51 +00:00
gobject Spelling: Fix spelling of "interpreted" 2018-10-10 13:51:07 -04:00
.gitignore .gitignore manpages (*.1) 2010-05-24 23:21:01 -04:00
AUTHORS Initial revision 1999-08-16 17:58:30 +00:00
ChangeLog Update README files to refer to git 2009-03-31 19:39:16 -04:00
COPYING Initial revision 1999-08-16 17:58:30 +00:00
Makefile.am docs/: ignore gtester Makefile targets 2013-05-29 21:36:50 -04:00
NEWS Initial revision 1999-08-16 17:58:30 +00:00