File dbus-cve-2014-3533.patch of Package dbus-1.openSUSE_13.1_Update

From 7da224a03a95b426f621b9a6af344f08102dda5d Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Wed, 11 Jun 2014 12:24:20 +0100
Subject: [PATCH] If loader contains two messages with fds, don't corrupt the
 second

There were two bugs here: we would previously overwrite the unused
fds with the already-used fds instead of the other way round, and
we would copy n bytes where we should have copied n ints.

Additionally, sending crafted messages in a chosen sequence to a victim
system service could cause an invalid file descriptor to be present
when dbus-daemon tries to forward one of those crafted messages to the
victim, causing sendmsg() to fail with EBADF, which resulted in
disconnecting the victim service, which would likely respond to that
by exiting. This is a denial of service (fd.o #80469, CVE-2014-3533).

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=79694
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80469
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
---
 dbus/dbus-message.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c
index c6953d0..78df755 100644
--- a/dbus/dbus-message.c
+++ b/dbus/dbus-message.c
@@ -4204,7 +4204,7 @@ load_message (DBusMessageLoader *loader,
 
       message->n_unix_fds_allocated = message->n_unix_fds = n_unix_fds;
       loader->n_unix_fds -= n_unix_fds;
-      memmove(loader->unix_fds + n_unix_fds, loader->unix_fds, loader->n_unix_fds);
+      memmove (loader->unix_fds, loader->unix_fds + n_unix_fds, loader->n_unix_fds * sizeof (loader->unix_fds[0]));
     }
   else
     message->unix_fds = NULL;
-- 
2.0.0