From dea3530414f8d118e64f8ae408eb19f479abc082 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Thu, 20 Jul 2023 14:48:41 +0200 Subject: [PATCH] flatpak-proxy: Fix D-Bus disconnection with overly long object paths According to the D-Bus specifications: https://dbus.freedesktop.org/doc/dbus-specification.html#id-1.4.4 For the STRING and OBJECT_PATH types, [the data length] is encoded in 4 bytes (a UINT32). But the code was trying to parse the 32-bit integer as an 8-bit one, meaning that, as was the case with object paths created by the dLeyna project, a 259-byte long string would be parsed like a 3-byte long one. Fixes: 004b7b2ca0e9 ("Parse dbus headers") in flatpak --- flatpak-proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flatpak-proxy.c b/flatpak-proxy.c index 4878156..47e51df 100644 --- a/flatpak-proxy.c +++ b/flatpak-proxy.c @@ -1116,7 +1116,7 @@ get_signature (Buffer *buffer, guint32 *offset, guint32 end_offset) static const char * get_string (Buffer *buffer, Header *header, guint32 *offset, guint32 end_offset) { - guint8 len; + guint32 len; char *str; *offset = align_by_4 (*offset);