From 9600172374af39f605baa13be0e60887a6469d3f Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 11 Feb 2015 19:07:22 +0000 Subject: [PATCH 2/2] [fix for 3/5] verify that security label has no embedded \0 --- dbus/dbus-sysdeps-unix.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 2184cea..8010df1 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -1728,7 +1728,23 @@ add_linux_security_label_to_credentials (int client_fd, len--; } - _dbus_string_set_length (&buf, len); + if (!_dbus_string_set_length (&buf, len)) + { + _dbus_assert_not_reached ("shortening string should not lead to OOM"); + oom = TRUE; + goto out; + } + + if (strlen (_dbus_string_get_const_data (&buf)) != len) + { + /* LSM people on the linux-security-module@ mailing list say this + * should never happen: the label should be a bytestring with + * an optional trailing \0 */ + _dbus_verbose ("security label from kernel had an embedded \\0, " + "ignoring it\n"); + goto out; + } + _dbus_verbose ("getsockopt(SO_PEERSEC): %lu bytes excluding \\0: %s\n", (unsigned long) len, _dbus_string_get_const_data (&buf)); -- 2.1.4