#
# Description: fix signature spoofing via incorrect logic
# Patch: http://cgit.freedesktop.org/dbus/dbus/commit/?id=e8f8c1c5a2bddfbf43c168323c9c9fd78f51a643
# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532720
# Upstream: http://bugs.freedesktop.org/show_bug.cgi?id=17803
#
diff -Nur -x '*.orig' -x '*~' dbus-1.1.20/dbus/dbus-marshal-validate.c dbus-1.1.20.new/dbus/dbus-marshal-validate.c
--- dbus-1.1.20/dbus/dbus-marshal-validate.c 2009-07-06 10:51:41.000000000 -0400
+++ dbus-1.1.20.new/dbus/dbus-marshal-validate.c 2009-07-06 10:52:01.000000000 -0400
@@ -246,14 +246,15 @@
 }
 }
- if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
- _dbus_type_is_valid (*p) &&
- !dbus_type_is_basic (*p))
+ if (last == DBUS_DICT_ENTRY_BEGIN_CHAR)
 {
- result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
- goto out;
+ if (!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))
+ {
+ result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
+ goto out;
+ }
 }
-
+
 last = *p;
 ++p;
 }
diff -Nur -x '*.orig' -x '*~' dbus-1.1.20/dbus/dbus-marshal-validate-util.c dbus-1.1.20.new/dbus/dbus-marshal-validate-util.c
--- dbus-1.1.20/dbus/dbus-marshal-validate-util.c 2009-07-06 10:51:41.000000000 -0400
+++ dbus-1.1.20.new/dbus/dbus-marshal-validate-util.c 2009-07-06 10:52:01.000000000 -0400
@@ -227,7 +227,7 @@
 "not a valid signature",
 "123",
 ".",
- "("
+ "(",
 "a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */
 };
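Review bot: The new inner test in dbus-marshal-validate.c, `if (!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))`, carries no comment saying why it is written as an allow-list, and the next editor could easily "simplify" it back to the old shape. The removed condition only rejected a character that was both a valid type code and non-basic, so a character that is presumably not a type code at all, such as the `(` in the `a{(ii)i}` case from bug 17803, fell through and was accepted as a dict key. I would add above the inner `if`: `/* Allow-list: the key must be a valid, basic type code. '(' is not a type code, so it must fail here as well. */`. The same comment could note that `_dbus_type_is_valid` has to stay first in the `&&`, assuming `dbus_type_is_basic` expects a valid code. The enclosing loop starts and ends outside the hunk.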
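Review bot: The last entry of the invalid-signature list in dbus-marshal-validate-util.c still ends without a comma, which is the same shape that caused the defect this hunk repairs. Without the comma after `"("`, the two adjacent literals appear to have been concatenated into the single string `"(a{(ii)i}"`, so the signature from bug 17803 was never checked on its own and the regression test could not catch the wrong validation logic. I would end the final entry with a comma as well, `"a{(ii)i}", /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */`, so that the next appended case cannot silently merge with it. The array definition starts outside the hunk.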