Buffer overflow
by jybarnes21@gmail.com
Hi.
I think the format_rule() function has buffer overflow vulnerability.
static void format_rule(struct filter_data *data, char *rule, size_t size)
{
const char *sender;
int offset;
offset = snprintf(rule, size, "type='signal'");
sender = data->name ? : data->owner;
if (sender)
offset += snprintf(rule + offset, size - offset,
",sender='%s'", sender);
if (data->path)
offset += snprintf(rule + offset, size - offset,
",path='%s'", data->path);
if (data->interface)
offset += snprintf(rule + offset, size - offset,
",interface='%s'", data->interface);
if (data->member)
offset += snprintf(rule + offset, size - offset,
",member='%s'", data->member);
if (data->argument)
snprintf(rule + offset, size - offset,
",arg0='%s'", data->argument);
}
snprintf returns the number of characters that would have been written if n had been sufficiently large.
If the format string is longer than the (size - offset), the snprintf will return a value larger than the (size-offset).
In normal cases, DBUS_MAXIMUM_MATCH_RULE_LENGTH(1024) is large, but an attacker can make malicious, large-scale inputs.
You can find the function in gdbus/watch.c
Thanks.
8 months, 1 week
Request for help for Input/Output error creating BNEP
by Bnà Marco
Hi all and thanks in advance to everyone that would like to help me.
My problem is related to the attempt to automatically establish a BNEP from a board ARM with Yocto and Bluez to a Windows PC.
The pairing is established successfully but I'm unable to finalize bnep creation with "connmanctl connect bluetooth_mac1_mac2".
Here is the attached log of the error.
Thanks
Marco
[Logo_NXenginee_tr_25]
Marco Bnà
Nexion Engineering S.r.l.
Via Modena 34,
42015 Correggio (RE)
Tel: (+39)0522747405
e-mail: m.bna(a)nexionengineering.com<mailto:m.bna@nexionengineering.com>
Legge sulla Privacy: D.Lgs. 196.2003
Qualora il messaggio fosse pervenuto per errore, preghiamo di cancellarlo immediatamente senza visionarne il contenuto e, se possibile, darcene gentilmente notizia. Avvertenza: la presente casella e-mail ed i messaggi da essa derivanti, sono di esclusivo utilizzo aziendale/lavorativo e mai personale.Risposte al presente messaggio: si avvisa il destinatario che eventuali sue risposte, potranno essere lette dall'intera azienda/ufficio/reparto di appartenenza del mittente. Informativa Privacy: ai sensi dell'art. 13 D.lgs. 196/2003, informiamo il destinatario che i suoi dati sono inseriti in archivi elettronici e trattati sia con modalità informatiche che cartacee dagli incaricati del settore amministrativo e commerciale. I dati non saranno in nessun caso comunicati o diffusi e verranno utilizzati solo per dar corso ai rapporti già in essere ed adempimenti connessi. Ai sensi degli artt. 7-8-9 del medesimo D.lgs. 196/2003 a cui si rimanda per completezza, informiamo inoltre che in qualsiasi momento e del tutto gratuitamente, potrà essere richiesta la modifica, il blocco o la cancellazione dei dati e sarà possibile opporsi a qualsiasi loro utilizzo, inviando un'e-mail o fax al Titolare del trattamento. Nota: l'informativa di sintesi, è integrata da ulteriore informativa articolata ed estesa, fornita oralmente o consegnata direttamente all'interessato
Law on privacy: Law Decree 196/2003
If you receive this message in error, please immediately delete it and all copies of it from your system, without looking at the contents and annexes and, if possible, notify us immediately. Warning: This e-mail address and the messages sent from here, can be utilized only for working and not personal reasons. Answers to this message: the addressee is warned that any answer to this message can be read by the sender and his workmates.Privacy information sheet: pursuant to art. 13 Law Decree no. 196/2003, the recipient of this e-mail message is hereby informed that his/her data have been entered in an electronic database and processed using both electronic and paper media by appointed persons in the administrative, technical and sales departments. Under no circumstances will the data be notified or disclosed and they will only be used for purposes concerning the relations already in existence and related obligations. Pursuant to articles 7-8-9 of the same Law Decree no. 196/2003 to which reference is made for the sake of completeness, we further inform that, at any time and completely free of charge, the amendment or deletion of the data may be requested and their use may be opposed by sending an e-mail or fax to the Controller of processing. This summary information sheet is supplemented by further articulated and extensive information provided orally or provided directly to the party involved.
8 months, 3 weeks