From: Yu Watanabe
Date: Wed, 20 May 2026 01:22:32 +0000 (+0900)
Subject: sd-bus: add depth limit to message_skip_fields() to prevent stack overflow (#42164)
X-Git-Tag: v261-rc1~82
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=ce260a112fab27abd66d5016540b45d37d322a91;p=thirdparty%2Fsystemd.git

sd-bus: add depth limit to message_skip_fields() to prevent stack overflow (#42164)

`message_skip_fields()` recursively processes D-Bus variant types in
message header fields with no depth limit. A crafted message with deeply
nested variants can cause unbounded recursion and overflow the stack.

Add a `depth` parameter checked against `BUS_CONTAINER_DEPTH` (128),
matching the limit already enforced by the public `sd_bus_message_skip()`
API. All recursive call sites pass `depth + 1`, and the top-level caller
in `message_parse_fields()` passes `0`.
---

ce260a112fab27abd66d5016540b45d37d322a91
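
The bounded recursion the commit message describes, as an added C example that is not systemd's code: a simplified skipper for nested D-Bus variants that carries a `depth` argument and refuses to recurse past 128. The names `skip_variant`, `build_nested`, `check_depth` and `MAX_DEPTH`, the `depth >= MAX_DEPTH` comparison and the `-EBADMSG` return are assumptions of this example, and only the single-type signatures `y` and `v` are modelled.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DEPTH 128 /* value the commit message gives for BUS_CONTAINER_DEPTH */

/* Skip one marshalled variant at *pos: 1-byte signature length, signature,
 * NUL, then the value. Simplified model: signature is a single 'y' or 'v'. */
static int skip_variant(const uint8_t *buf, size_t len, size_t *pos, unsigned depth) {
    size_t p = *pos;

    if (depth >= MAX_DEPTH)          /* assumption: checked before any recursion */
        return -EBADMSG;
    if (p > len || len - p < 3 || buf[p] != 1 || buf[p + 2] != 0)
        return -EBADMSG;             /* truncated or unsupported signature */
    char type = (char) buf[p + 1];
    p += 3;

    if (type == 'v') {               /* nested variant: recurse with depth + 1 */
        int r = skip_variant(buf, len, &p, depth + 1);
        if (r < 0)
            return r;
    } else if (type == 'y') {        /* byte: one octet, no alignment padding */
        if (len - p < 1)
            return -EBADMSG;
        p += 1;
    } else
        return -EBADMSG;
    *pos = p;
    return 0;
}

/* Constructed input: `levels` nested variants, a byte innermost. Returns length. */
static size_t build_nested(uint8_t *out, size_t cap, unsigned levels) {
    size_t n = 0;
    if (levels == 0 || cap < 3 * (size_t) levels + 1)
        return 0;
    for (unsigned i = 0; i < levels; i++) {
        out[n++] = 1; out[n++] = (i + 1 == levels) ? 'y' : 'v'; out[n++] = 0;
    }
    out[n++] = 0x2a;
    return n;
}

/* Build the input and skip it from depth 0, as a top-level caller would. */
static int check_depth(unsigned levels) {
    static uint8_t buf[4096];
    size_t pos = 0, len = build_nested(buf, sizeof buf, levels);
    return skip_variant(buf, len, &pos, 0);
}

int main(void) {
    for (unsigned levels = 127; levels <= 130; levels++)
        printf("%u nested variants -> %d\n", levels, check_depth(levels));
    return 0;
}
```

With this comparison, 128 nested variants are accepted and the 129th level is rejected, so stack use is bounded by a constant rather than by the length of the message.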