[gupnp] service: Limit number of call-backs to 6
- From: Jens Georg <jensgeorg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gupnp] service: Limit number of call-backs to 6
- Date: Sat, 20 Jun 2020 18:14:49 +0000 (UTC)
commit 31b77b114b80b81f0fa0b004760126864d3bb3f2
Author: Jens Georg <mail jensge org>
Date: Thu Jun 18 20:38:17 2020 +0200
service: Limit number of call-backs to 6
libgupnp/gupnp-service.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
---
diff --git a/libgupnp/gupnp-service.c b/libgupnp/gupnp-service.c
index cf90a0c..a6e7532 100644
--- a/libgupnp/gupnp-service.c
+++ b/libgupnp/gupnp-service.c
@@ -1223,6 +1223,7 @@ subscribe (GUPnPService *service,
char *start, *end;
GUPnPServicePrivate *priv;
GUPnPContext *context;
+ int callbacks = 0;
priv = gupnp_service_get_instance_private (service);
context = gupnp_service_info_get_context
@@ -1232,7 +1233,10 @@ subscribe (GUPnPService *service,
/* Parse callback list */
start = (char *) callback;
- while ((start = strchr (start, '<'))) {
+
+ // Arbitrarily limit the list of callbacks to 6
+ // Part of CVE-2020-12695 mitigation
+ while (callbacks < 6 && (start = strchr (start, '<'))) {
start += 1;
if (!start || !*start)
break;
@@ -1258,6 +1262,7 @@ subscribe (GUPnPService *service,
*end = '>';
start = end;
+ callbacks++;
}
if (!data->callbacks) {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
