Ubuntu
qt4-x11 package

DBUs-Signatures are not verified aganist too long or messages or to deep recursions

Bug #1196869 reported by Walter Schneider
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
qt4-x11 (Ubuntu)
New
Undecided
Unassigned

Bug Description

The DBus-Signatures are not fully verified in qdbusutil.cpp.
The syntax is checked, but not the maximum length and the maximum recursion depth.
In qt4.5 this check was done by calling the valdidation-methods of libdbus itself.

Enclosed is a patch for DBUS_MAXIMUM_SIGNATURE_LENGTH and DBUS_MAXIMUM_TYPE_RECURSION_DEPTH checks.

Tags: patch
Revision history for this message
Walter Schneider (walter-schneider) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "qt4-4.8.1-qdbus-signature-check.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Dmitry Shachnev (mitya57) wrote :

Thanks for your work, please submit your patch upstream using instructions at https://qt-project.org/wiki/Gerrit-Introduction.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.