bus-message: do not crash on message with a string of zero length

We'd calculate the "real" length of the string as 'item_size - 1', which does not work out well when item_size == 0. (cherry picked from commit 81b6e63029eefcb0ec03a3a7c248490e38106073)
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-07-09 13:21:44 +0200
committer: Sven Eden <sven.eden@prydeworx.com> 2018-10-29 10:18:27 +0100
commit: 81bbbb9314456c236ce88b6ce92b1113c1588e1a (patch)
tree: 7c36acbea6bd1fc8191b0a7a356769dff32f47ac /src/libelogind/sd-bus
parent: 0417b51c517a9e3a40d4fe93bbe2b4db81cdd7fa (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libelogind/sd-bus/bus-message.c b/src/libelogind/sd-bus/bus-message.c
index dd4c23683..1f2dac695 100644
--- a/src/libelogind/sd-bus/bus-message.c
+++ b/src/libelogind/sd-bus/bus-message.c
@@ -3317,6 +3317,12 @@ _public_ int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p) {
                 if (IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE)) {
                         bool ok;
 
+                        /* D-Bus spec: The marshalling formats for the string-like types all end
+                         * with a single zero (NUL) byte, but that byte is not considered to be part
+                         * of the text. */
+                        if (c->item_size == 0)
+                                return -EBADMSG;
+
                         r = message_peek_body(m, &rindex, 1, c->item_size, &q);
                         if (r < 0)
                                 return r;
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2018-07-09 13:21:44 +0200
committer	Sven Eden <sven.eden@prydeworx.com>	2018-10-29 10:18:27 +0100
commit	81bbbb9314456c236ce88b6ce92b1113c1588e1a (patch)
tree	7c36acbea6bd1fc8191b0a7a356769dff32f47ac /src/libelogind/sd-bus
parent	0417b51c517a9e3a40d4fe93bbe2b4db81cdd7fa (diff)